From d9902e0a948d81a8f6f43697bf7ee902ba91436e Mon Sep 17 00:00:00 2001 From: Neil Maderthaner Date: Mon, 12 Jul 2021 12:08:43 +0200 Subject: [PATCH 01/11] Added Logstash helm chart --- charts/lsdobserve/Chart.yaml | 3 +++ charts/lsdobserve/values.yaml | 38 ++++++++++++++++++++++++++++------- 2 files changed, 34 insertions(+), 7 deletions(-) diff --git a/charts/lsdobserve/Chart.yaml b/charts/lsdobserve/Chart.yaml index 7aa2802..9ddfe1c 100644 --- a/charts/lsdobserve/Chart.yaml +++ b/charts/lsdobserve/Chart.yaml @@ -34,3 +34,6 @@ dependencies: - name: grafana version: "6.7.4" repository: https://grafana.github.io/helm-charts +- name: logstash + version: "7.10.2" + repository: https://helm.elastic.co/logstash diff --git a/charts/lsdobserve/values.yaml b/charts/lsdobserve/values.yaml index 31f9147..bb7acbf 100644 --- a/charts/lsdobserve/values.yaml +++ b/charts/lsdobserve/values.yaml @@ -3,9 +3,10 @@ lsdobserve: # There are your options clusterType: openshift | gke | rancher clusterType: "rancher" eckOperatorVersion: &anchoreckOperatorVersion "1.3.0" - eckVersion: &anchoreckVersion "7.10.0" + eckVersion: &anchoreckVersion "7.10.2" elasticClusterSize: &anchorelasticClusterSize "1" kibanaURL: &anchorkibanaURL "kibana.apps.k8s-01.qa.lsdopen.io" + logstashJavaOpts: &anchorlogstashJavaOpts "-Xms1g -Xmx1g" grafanaUsername: &anchorgrafanaUsername "admin" grafanaPassword: &anchorgrafanaPassword "ChangeMe-PassowrdForGrafana" grafanaVersion: &anchorgrafanaVersion "7.5.2" @@ -31,36 +32,59 @@ lsdobserve: url: *anchorgrafanaURL elastic: enabled: true - image: "docker.elastic.co/elasticsearch/elasticsearch:7.10.0" + image: "docker.elastic.co/elasticsearch/elasticsearch:7.10.2" count: *anchorelasticClusterSize storage: "50Gi" storageClassName: *anchorstorageClass filebeat: enabled: true - image: "docker.elastic.co/beats/filebeat:7.10.0" + image: "docker.elastic.co/beats/filebeat:7.10.2" version: *anchoreckVersion ## Metricbeat as a Daemonset to collect metrics from Nodes metricbeat: enabled: false - image: "docker.elastic.co/beats/metricbeat:7.10.0" + image: "docker.elastic.co/beats/metricbeat:7.10.2" version: *anchoreckVersion ## Metricbeat to connect to Prometheus metricbeatPrometheus: enabled: true - image: "docker.elastic.co/beats/metricbeat:7.10.0" + image: "docker.elastic.co/beats/metricbeat:7.10.2" version: *anchoreckVersion apm: enabled: false - image: "docker.elastic.co/apm/apm-server:7.10.0" + image: "docker.elastic.co/apm/apm-server:7.10.2" version: *anchoreckVersion kibana: enabled: true - image: "docker.elastic.co/kibana/kibana:7.10.0" + image: "docker.elastic.co/kibana/kibana:7.10.2" version: *anchoreckVersion count: "1" ingress: url: *anchorkibanaURL +# Logstash +logstash: + image: "docker.elastic.co/logstash/logstash" + imageTag: *anchoreckVersion + replicas: "1" + logstashJavaOpts: *anchorlogstashJavaOpts + resources: + requests: + cpu: "100m" + memory: "1536Mi" + limits: + cpu: "1000m" + memory: "1536Mi" + volumeClaimTemplate: {} + service: + type: ClusterIP + loadBalancerIP: "" + ports: + - name: beats + port: 5044 + protocol: TCP + targetPort: 5044 + # Elastic Operator # To get a latest values you can run: # helm show values elastic/eck-operator From 82dbfadcbc9ad1920e0bc3f32304aea8972572ca Mon Sep 17 00:00:00 2001 From: Neil Maderthaner Date: Tue, 31 Aug 2021 17:32:39 +0200 Subject: [PATCH 02/11] Added Logstash with Pipelines ECK bumped to 1.6.0 Elastic at 7.10.2 --- charts/lsdobserve/Chart.yaml | 6 +- charts/lsdobserve/README.md | 8 + charts/lsdobserve/crds/elastic-crds.yaml | 580 +- .../lsdobserve-filebeat.bootstrap.k8s.json | 7 + .../lsdobserve-filebeat.bootstrap.lsdo.json | 7 + ...lsdobserve-filebeat.bootstrap.project.json | 7 + .../lsdobserve-filebeat.ilm.policy.json | 21 - .../lsdobserve-filebeat.ilm.policy.k8s.json | 26 + .../lsdobserve-filebeat.ilm.policy.lsdo.json | 26 + ...sdobserve-filebeat.ilm.policy.project.json | 26 + .../elastic/lsdobserve-filebeat.pipeline.json | 47 - .../lsdobserve-filebeat.template.7.10.2.json | 23491 ++++++++++++++++ .../elastic/lsdobserve-filebeat.template.json | 15 - .../lsdobserve-filebeat.template.k8s.json | 14 + .../lsdobserve-filebeat.template.lsdo.json | 14 + .../lsdobserve-filebeat.template.project.json | 14 + .../logstash/patterns-lsdobserve-basic | 16 + .../logstash/patterns-lsdobserve-utility | 1 + .../logstash/pipeline-logstash.conf | 43 + .../logstash/pipeline-lsdobserve.conf | 92 + charts/lsdobserve/templates/elastic.apm.yaml | 2 +- .../templates/elastic.configmaps.yaml | 28 +- charts/lsdobserve/templates/elastic.es.yaml | 2 +- .../templates/elastic.filebeat.yaml | 9 +- charts/lsdobserve/templates/elastic.jobs.yaml | 132 +- .../lsdobserve/templates/elastic.kibana.yaml | 2 +- .../templates/logstash.configmaps.yaml | 28 + charts/lsdobserve/values.yaml | 70 +- 28 files changed, 24615 insertions(+), 119 deletions(-) create mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.bootstrap.k8s.json create mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.bootstrap.lsdo.json create mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.bootstrap.project.json delete mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.json create mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.k8s.json create mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.lsdo.json create mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.project.json delete mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.pipeline.json create mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.template.7.10.2.json delete mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.template.json create mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.template.k8s.json create mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.template.lsdo.json create mode 100644 charts/lsdobserve/elastic/lsdobserve-filebeat.template.project.json create mode 100644 charts/lsdobserve/logstash/patterns-lsdobserve-basic create mode 100644 charts/lsdobserve/logstash/patterns-lsdobserve-utility create mode 100644 charts/lsdobserve/logstash/pipeline-logstash.conf create mode 100644 charts/lsdobserve/logstash/pipeline-lsdobserve.conf create mode 100644 charts/lsdobserve/templates/logstash.configmaps.yaml diff --git a/charts/lsdobserve/Chart.yaml b/charts/lsdobserve/Chart.yaml index 9ddfe1c..6a117f5 100644 --- a/charts/lsdobserve/Chart.yaml +++ b/charts/lsdobserve/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: lsdobserve -version: "1.0.82" +version: "1.0.84" appVersion: "1.0.2" # Disabling kubeVersion because GKE is dumb # kubeVersion: ">=v1.11.0" @@ -29,11 +29,11 @@ dependencies: version: "4.10.4" repository: https://prometheus-community.github.io/helm-charts - name: eck-operator - version: "1.3.1" + version: "1.6.0" repository: https://helm.elastic.co - name: grafana version: "6.7.4" repository: https://grafana.github.io/helm-charts - name: logstash version: "7.10.2" - repository: https://helm.elastic.co/logstash + repository: https://helm.elastic.co diff --git a/charts/lsdobserve/README.md b/charts/lsdobserve/README.md index d373af5..2d85e28 100644 --- a/charts/lsdobserve/README.md +++ b/charts/lsdobserve/README.md @@ -10,9 +10,13 @@ helm repo update ### Install on Generic Kubernetes Cluster Basic installation + +Only run `kubectl scale sts lsdobserve-logstash --replicas=1` once elastic-post-setup has finished running ``` helm show values lsdopen/lsdobserve > values.yaml helm install lsdobserve lsdopen/lsdobserve -n lsdobserve --create-namespace --values values.yaml ; helm upgrade lsdobserve lsdopen/lsdobserve -n lsdobserve --values values.yaml + +kubectl scale sts lsdobserve-logstash --replicas=1 ``` Install on GKE with Admin Password and Elastic disabled @@ -38,11 +42,15 @@ helm install lsdobserve -n lsdobserve --create-namespace \ ### Restricted Network Installation Simple installation + +Only run `kubectl scale sts lsdobserve-logstash --replicas=1` once elastic-post-setup has finished running ``` helm dependency update . kubectl create ns lsdobserve helm install lsdobserve . -n lsdobserve --create-namespace --values values.yaml ; helm upgrade lsdobserve . -n lsdobserve --create-namespace --values values.yaml + +kubectl scale sts lsdobserve-logstash --replicas=1 ``` diff --git a/charts/lsdobserve/crds/elastic-crds.yaml b/charts/lsdobserve/crds/elastic-crds.yaml index fb0b9f3..16fe0ba 100644 --- a/charts/lsdobserve/crds/elastic-crds.yaml +++ b/charts/lsdobserve/crds/elastic-crds.yaml @@ -1,4 +1,4 @@ -# https://github.com/elastic/cloud-on-k8s/blob/master/config/crds/all-crds.yaml +# https://github.com/elastic/cloud-on-k8s/blob/1.6/deploy/eck-operator/charts/eck-operator-crds/templates/all-crds.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -185,6 +185,13 @@ spec: type: string outputName: type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which will be used to make requests to the referenced + object. It has to be in the same namespace as the referenced + resource. If left empty the default HTTP service of the referenced + resource will be used. + type: string required: - name type: object @@ -233,7 +240,7 @@ spec: type: array serviceAccountName: description: ServiceAccountName is used to check access from the current - resource to a Elasticsearch resource in a different namespace. Can + resource to an Elasticsearch resource in a different namespace. Can only be used if ECK is enforcing RBAC on references. type: string version: @@ -353,6 +360,13 @@ spec: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string required: - name type: object @@ -744,6 +758,13 @@ spec: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string required: - name type: object @@ -1035,6 +1056,13 @@ spec: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string required: - name type: object @@ -1054,6 +1082,13 @@ spec: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string required: - name type: object @@ -1153,6 +1188,526 @@ status: --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + name: elasticmapsservers.maps.k8s.elastic.co +spec: + additionalPrinterColumns: + - JSONPath: .status.health + name: health + type: string + - JSONPath: .status.availableNodes + description: Available nodes + name: nodes + type: integer + - JSONPath: .status.version + description: ElasticMapsServer version + name: version + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date + group: maps.k8s.elastic.co + names: + categories: + - elastic + kind: ElasticMapsServer + listKind: ElasticMapsServerList + plural: elasticmapsservers + shortNames: + - ems + singular: elasticmapsserver + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ElasticMapsServer represents an Elastic Map Server resource in + a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MapsSpec holds the specification of an Elastic Maps Server + instance. + properties: + config: + description: 'Config holds the ElasticMapsServer configuration. See: + https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#elastic-maps-server-configuration' + type: object + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Elastic Maps Server configuration. Configuration + settings are merged and have precedence over settings specified in + `config`. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + description: Count of Elastic Maps Server instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Elastic Maps + Server. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and will + be ignored. + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts + will be automatically allocated for services with type + LoadBalancer. Default is "true". It may be set to "false" + if the cluster load-balancer does not rely on NodePorts. + allocateLoadBalancerNodePorts may only be set for services + with type LoadBalancer and will be cleared if the type + is changed to any other type. This field is alpha-level + and is only honored by servers that enable the ServiceLBNodePortControl + feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), and + is not in use, it will be allocated to the service; otherwise + creation of the service will fail. This field may not + be changed through updates unless the type field is also + being changed to ExternalName (which requires this field + to be blank) or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are "None", empty string + (""), or a valid IP address. Setting this to "None" makes + a "headless service" (no virtual IP), which is useful + when direct endpoint connections are preferred and proxying + is not required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. If + an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated + to the service; otherwise creation of the service will + fail. This field may not be changed through updates unless + the type field is also being changed to ExternalName (which + requires this field to be empty) or the type field is + being changed from ExternalName (in which case this field + may optionally be specified, as describe above). Valid + values are \"None\", empty string (\"\"), or a valid IP + address. Setting this to \"None\" makes a \"headless + service\" (no virtual IP), which is useful when direct + endpoint connections are preferred and proxying is not + required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + \ If this field is not specified, it will be initialized + from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have + the same value. \n Unless the \"IPv6DualStack\" feature + gate is enabled, this field is limited to one value, which + must be the same as the clusterIP field. If the feature + gate is enabled, this field may hold a maximum of two + entries (dual-stack IPs, in either order). These IPs + must correspond to the values of the ipFamilies field. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + externalIPs: + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this + service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will be + involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + and requires Type to be + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is set + to Local. If a value is specified, is in-range, and is + not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. + load-balancers) can use this port to determine if a given + node holds endpoints for this service or not. If this + field is specified when creating a Service which does + not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing + type). + format: int32 + type: integer + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service, and is gated by + the \"IPv6DualStack\" feature gate. This field is usually + assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" and + \"IPv6\". This field only applies to Services of types + ClusterIP, NodePort, and LoadBalancer, and does apply + to \"headless\" services. This field will be wiped when + updating a Service to type ExternalName. \n This field + may hold a maximum of two entries (dual-stack families, + in either order). These families must correspond to the + values of the clusterIPs field, if specified. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or + IPv6). This type is used to express the family of an + IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service, and is gated by + the "IPv6DualStack" feature gate. If there is no value + provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), "PreferDualStack" + (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend on + the value of this field. This field will be wiped when + updating a service to type ExternalName. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified in + this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be ignored + if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. This is + a beta field that is guarded by the ServiceAppProtocol + feature gate and enabled by default. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port + will be allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. This + field will be wiped when updating a Service to no + longer need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should be + omitted or set equal to the ''port'' field. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + required: + - port + type: object + type: array + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of + Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + topologyKeys: + description: topologyKeys is a preference-order list of + topology keys which implementations of services should + use to preferentially sort endpoints when accessing this + Service, it can not be used at the same time as externalTrafficPolicy=Local. + Topology keys must be valid label keys and at most 16 + keys may be specified. Endpoints are chosen based on the + first topology key with available backends. If this field + is specified and all entries have no backends that match + the topology of the client, the service has no backends + for that client and connections should fail. The special + value "*" may be used to mean "any topology". This catch-all + value, if used, only makes sense as the last value in + the list. If this is not specified or empty, no topology + constraints will be applied. This field is alpha-level + and is only honored by servers that enable the ServiceTopology + feature. + items: + type: string + type: array + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object or EndpointSlice objects. If clusterIP is "None", + no virtual IP is allocated and the endpoints are published + as a set of endpoints rather than a virtual IP. "NodePort" + builds on ClusterIP and allocates a port on every node + which routes to the same endpoints as the clusterIP. "LoadBalancer" + builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the + same endpoints as the clusterIP. "ExternalName" aliases + this service to the specified externalName. Several other + fields do not apply to ExternalName services. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: \n + - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed + certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of + the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to + include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry + in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Elastic Maps Server Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Elastic Maps + Server pods + type: object + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Elastic Maps Server. + type: string + required: + - version + type: object + status: + description: MapsStatus defines the observed state of Elastic Maps Server + properties: + associationStatus: + description: AssociationStatus is the status of an association resource. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in the + deployment. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.5.0 @@ -1958,6 +2513,13 @@ spec: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which will be used to make requests to the referenced + object. It has to be in the same namespace as the referenced + resource. If left empty the default HTTP service of the + referenced resource will be used. + type: string required: - name type: object @@ -2524,6 +3086,13 @@ spec: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string required: - name type: object @@ -3030,6 +3599,13 @@ spec: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string required: - name type: object diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.bootstrap.k8s.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.bootstrap.k8s.json new file mode 100644 index 0000000..c9426ab --- /dev/null +++ b/charts/lsdobserve/elastic/lsdobserve-filebeat.bootstrap.k8s.json @@ -0,0 +1,7 @@ +{ + "aliases": { + "filebeat-7.10.2-k8s": { + "is_write_index": true + } + } +} \ No newline at end of file diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.bootstrap.lsdo.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.bootstrap.lsdo.json new file mode 100644 index 0000000..2de6b20 --- /dev/null +++ b/charts/lsdobserve/elastic/lsdobserve-filebeat.bootstrap.lsdo.json @@ -0,0 +1,7 @@ +{ + "aliases": { + "filebeat-7.10.2-lsdo": { + "is_write_index": true + } + } +} \ No newline at end of file diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.bootstrap.project.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.bootstrap.project.json new file mode 100644 index 0000000..db8848f --- /dev/null +++ b/charts/lsdobserve/elastic/lsdobserve-filebeat.bootstrap.project.json @@ -0,0 +1,7 @@ +{ + "aliases": { + "filebeat-7.10.2-project": { + "is_write_index": true + } + } +} \ No newline at end of file diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.json deleted file mode 100644 index e8a6ad1..0000000 --- a/charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_size": "20gb", - "max_age": "1d" - } - } - }, - "delete": { - "min_age": "7d", - "actions": { - "delete" : { } - } - } - } - } - } diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.k8s.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.k8s.json new file mode 100644 index 0000000..0b027ae --- /dev/null +++ b/charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.k8s.json @@ -0,0 +1,26 @@ +{ + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_size": "20gb", + "max_age": "3d" + }, + "set_priority": { + "priority": 100 + } + } + }, + "delete": { + "min_age": "3d", + "actions": { + "delete": { + "delete_searchable_snapshot": true + } + } + } + } + } +} \ No newline at end of file diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.lsdo.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.lsdo.json new file mode 100644 index 0000000..0b027ae --- /dev/null +++ b/charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.lsdo.json @@ -0,0 +1,26 @@ +{ + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_size": "20gb", + "max_age": "3d" + }, + "set_priority": { + "priority": 100 + } + } + }, + "delete": { + "min_age": "3d", + "actions": { + "delete": { + "delete_searchable_snapshot": true + } + } + } + } + } +} \ No newline at end of file diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.project.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.project.json new file mode 100644 index 0000000..af060ba --- /dev/null +++ b/charts/lsdobserve/elastic/lsdobserve-filebeat.ilm.policy.project.json @@ -0,0 +1,26 @@ +{ + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_size": "20gb", + "max_age": "7d" + }, + "set_priority": { + "priority": 100 + } + } + }, + "delete": { + "min_age": "7d", + "actions": { + "delete": { + "delete_searchable_snapshot": true + } + } + } + } + } +} \ No newline at end of file diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.pipeline.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.pipeline.json deleted file mode 100644 index cff0aae..0000000 --- a/charts/lsdobserve/elastic/lsdobserve-filebeat.pipeline.json +++ /dev/null @@ -1,47 +0,0 @@ -{ - "description": "LSDobserve - Basic Filebeat pipeline", - "processors": [{ - "grok": { - "field": "message", - "patterns": ["^(%{TIMESTAMP_ISO8601}|%{TIME})%{SPACE}%{LOGLEVEL:log.level}%{SPACE}%{GREEDYDATA:log.message}$", "^(%{TIMESTAMP_ISO8601}|%{TIME})%{SPACE}\\[%{DATA}\\]%{SPACE}%{LOGLEVEL:log.level}%{SPACE}%{GREEDYDATA:log.message}$", "^\\[(%{TIMESTAMP_ISO8601}|%{TIME})\\]%{SPACE}%{LOGLEVEL:log.level}%{SPACE}%{GREEDYDATA:log.message}$", "^%{TIMESTAMP_ISO8601} %{NOTSPACE}%{SPACE}\\[%{NUMBER\\]: %{LOGLEVEL:log.level}%{SPACE}%{GREEDYDATA:log.message}$", "^%{SYSLOGTIMESTAMP} %{NOTSPACE}%{DATA}(?[A-Za-z])%{MONTHNUM}%{MONTHDAY} %{TIME}%{SPACE}%{GREEDYDATA:log.message}$", "^%{TIME:[@metadata][timestamp]} \\|\\-%{DATA:log.level} %{GREEDYDATA:log.message}$", "^%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}%{SPACE}%{SYSLOG5424SD:log.level}%{SPACE}%{GREEDYDATA:log.message}$", "^%{SYSLOGBASE2} %{GREEDYDATA:log.message}$", "^%{TIMESTAMP_ISO8601} %{GREEDYDATA:log.message}$", "^%{MONTH} %{MONTHDAY}, %{YEAR} %{TIME} (AM|PM) %{GREEDYDATA:log.message}$", "^%{LOGLEVEL:log.level}%{SPACE}\\[%{DATA}\\] %{TIMESTAMP_ISO8601} %{GREEDYDATA:log.message}$", "^%{DATA:log.level}%{MONTHNUM}%{MONTHDAY} %{TIME}%{SPACE}%{BASE10NUM} %{GREEDYDATA:log.message}$", "^%{DATA:log.level}%{MONTHNUM}%{MONTHDAY} %{TIME}%{SPACE}%{GREEDYDATA:log.message}$", "^\\[%{DATA}\\] %{DATA:log.level} %{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME} %{GREEDYDATA:log.message}$", "^%{LOGLEVEL:log.level}[,:]\\s+%{GREEDYDATA:log.message}$"], - "ignore_failure": true, - "ignore_missing": true - } - }, { - "gsub": { - "field": "log.level", - "pattern": "^([Ee]rror|[Ee]rr|[Ee]r|\\[error\\]|[Ee])$", - "replacement": "ERROR", - "ignore_failure": true - } - }, { - "gsub": { - "field": "log.level", - "pattern": "^(WARNING|[Ww]arning|[Ww]arn|\\[warn\\]|[Ww])$", - "replacement": "WARN", - "ignore_failure": true - } - }, { - "gsub": { - "field": "log.level", - "pattern": "^([Ii]nfo|\\[info\\]|[Ii])$", - "replacement": "INFO", - "ignore_failure": true - } - }, { - "gsub": { - "field": "log.level", - "pattern": "^([Dd]ebug|\\[debug\\]|[Dd])$", - "replacement": "DEBUG", - "ignore_failure": true - } - }, { - "gsub": { - "field": "log.level", - "pattern": "^([NN]otice|\\[notice\\])$", - "replacement": "NOTICE", - "ignore_failure": true - } - }] - } - \ No newline at end of file diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.template.7.10.2.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.template.7.10.2.json new file mode 100644 index 0000000..dd5a9d9 --- /dev/null +++ b/charts/lsdobserve/elastic/lsdobserve-filebeat.template.7.10.2.json @@ -0,0 +1,23491 @@ +{ + "order" : 1, + "index_patterns" : [ + "filebeat-7.10.2-*" + ], + "settings" : { + "index" : { + "mapping" : { + "total_fields" : { + "limit" : "10000" + } + }, + "refresh_interval" : "5s", + "number_of_shards" : "1", + "number_of_replicas": "0", + "auto_expand_replicas": "0-1", + "max_docvalue_fields_search" : "200", + "query" : { + "default_field" : [ + "message", + "tags", + "agent.ephemeral_id", + "agent.id", + "agent.name", + "agent.type", + "agent.version", + "as.organization.name", + "client.address", + "client.as.organization.name", + "client.domain", + "client.geo.city_name", + "client.geo.continent_name", + "client.geo.country_iso_code", + "client.geo.country_name", + "client.geo.name", + "client.geo.region_iso_code", + "client.geo.region_name", + "client.mac", + "client.registered_domain", + "client.top_level_domain", + "client.user.domain", + "client.user.email", + "client.user.full_name", + "client.user.group.domain", + "client.user.group.id", + "client.user.group.name", + "client.user.hash", + "client.user.id", + "client.user.name", + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "container.id", + "container.image.name", + "container.image.tag", + "container.name", + "container.runtime", + "destination.address", + "destination.as.organization.name", + "destination.domain", + "destination.geo.city_name", + "destination.geo.continent_name", + "destination.geo.country_iso_code", + "destination.geo.country_name", + "destination.geo.name", + "destination.geo.region_iso_code", + "destination.geo.region_name", + "destination.mac", + "destination.registered_domain", + "destination.top_level_domain", + "destination.user.domain", + "destination.user.email", + "destination.user.full_name", + "destination.user.group.domain", + "destination.user.group.id", + "destination.user.group.name", + "destination.user.hash", + "destination.user.id", + "destination.user.name", + "dns.answers.class", + "dns.answers.data", + "dns.answers.name", + "dns.answers.type", + "dns.header_flags", + "dns.id", + "dns.op_code", + "dns.question.class", + "dns.question.name", + "dns.question.registered_domain", + "dns.question.subdomain", + "dns.question.top_level_domain", + "dns.question.type", + "dns.response_code", + "dns.type", + "ecs.version", + "error.code", + "error.id", + "error.message", + "error.type", + "event.action", + "event.category", + "event.code", + "event.dataset", + "event.hash", + "event.id", + "event.kind", + "event.module", + "event.outcome", + "event.provider", + "event.timezone", + "event.type", + "file.device", + "file.directory", + "file.extension", + "file.gid", + "file.group", + "file.hash.md5", + "file.hash.sha1", + "file.hash.sha256", + "file.hash.sha512", + "file.inode", + "file.mode", + "file.name", + "file.owner", + "file.path", + "file.target_path", + "file.type", + "file.uid", + "geo.city_name", + "geo.continent_name", + "geo.country_iso_code", + "geo.country_name", + "geo.name", + "geo.region_iso_code", + "geo.region_name", + "group.domain", + "group.id", + "group.name", + "hash.md5", + "hash.sha1", + "hash.sha256", + "hash.sha512", + "host.architecture", + "host.geo.city_name", + "host.geo.continent_name", + "host.geo.country_iso_code", + "host.geo.country_name", + "host.geo.name", + "host.geo.region_iso_code", + "host.geo.region_name", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.full", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.user.domain", + "host.user.email", + "host.user.full_name", + "host.user.group.domain", + "host.user.group.id", + "host.user.group.name", + "host.user.hash", + "host.user.id", + "host.user.name", + "http.request.body.content", + "http.request.method", + "http.request.referrer", + "http.response.body.content", + "http.version", + "log.level", + "log.logger", + "log.origin.file.name", + "log.origin.function", + "log.syslog.facility.name", + "log.syslog.severity.name", + "network.application", + "network.community_id", + "network.direction", + "network.iana_number", + "network.name", + "network.protocol", + "network.transport", + "network.type", + "observer.geo.city_name", + "observer.geo.continent_name", + "observer.geo.country_iso_code", + "observer.geo.country_name", + "observer.geo.name", + "observer.geo.region_iso_code", + "observer.geo.region_name", + "observer.hostname", + "observer.mac", + "observer.name", + "observer.os.family", + "observer.os.full", + "observer.os.kernel", + "observer.os.name", + "observer.os.platform", + "observer.os.version", + "observer.product", + "observer.serial_number", + "observer.type", + "observer.vendor", + "observer.version", + "organization.id", + "organization.name", + "os.family", + "os.full", + "os.kernel", + "os.name", + "os.platform", + "os.version", + "package.architecture", + "package.checksum", + "package.description", + "package.install_scope", + "package.license", + "package.name", + "package.path", + "package.version", + "process.args", + "text", + "process.executable", + "process.hash.md5", + "process.hash.sha1", + "process.hash.sha256", + "process.hash.sha512", + "process.name", + "text", + "text", + "text", + "text", + "text", + "process.thread.name", + "process.title", + "process.working_directory", + "server.address", + "server.as.organization.name", + "server.domain", + "server.geo.city_name", + "server.geo.continent_name", + "server.geo.country_iso_code", + "server.geo.country_name", + "server.geo.name", + "server.geo.region_iso_code", + "server.geo.region_name", + "server.mac", + "server.registered_domain", + "server.top_level_domain", + "server.user.domain", + "server.user.email", + "server.user.full_name", + "server.user.group.domain", + "server.user.group.id", + "server.user.group.name", + "server.user.hash", + "server.user.id", + "server.user.name", + "service.ephemeral_id", + "service.id", + "service.name", + "service.node.name", + "service.state", + "service.type", + "service.version", + "source.address", + "source.as.organization.name", + "source.domain", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.name", + "source.geo.region_iso_code", + "source.geo.region_name", + "source.mac", + "source.registered_domain", + "source.top_level_domain", + "source.user.domain", + "source.user.email", + "source.user.full_name", + "source.user.group.domain", + "source.user.group.id", + "source.user.group.name", + "source.user.hash", + "source.user.id", + "source.user.name", + "threat.framework", + "threat.tactic.id", + "threat.tactic.name", + "threat.tactic.reference", + "threat.technique.id", + "threat.technique.name", + "threat.technique.reference", + "tracing.trace.id", + "tracing.transaction.id", + "url.domain", + "url.extension", + "url.fragment", + "url.full", + "url.original", + "url.password", + "url.path", + "url.query", + "url.registered_domain", + "url.scheme", + "url.top_level_domain", + "url.username", + "user.domain", + "user.email", + "user.full_name", + "user.group.domain", + "user.group.id", + "user.group.name", + "user.hash", + "user.id", + "user.name", + "user_agent.device.name", + "user_agent.name", + "text", + "user_agent.original", + "user_agent.os.family", + "user_agent.os.full", + "user_agent.os.kernel", + "user_agent.os.name", + "user_agent.os.platform", + "user_agent.os.version", + "user_agent.version", + "text", + "agent.hostname", + "timeseries.instance", + "cloud.image.id", + "host.os.build", + "host.os.codename", + "kubernetes.pod.name", + "kubernetes.pod.uid", + "kubernetes.namespace", + "kubernetes.node.name", + "kubernetes.replicaset.name", + "kubernetes.deployment.name", + "kubernetes.statefulset.name", + "kubernetes.container.name", + "kubernetes.container.image", + "jolokia.agent.version", + "jolokia.agent.id", + "jolokia.server.product", + "jolokia.server.version", + "jolokia.server.vendor", + "jolokia.url", + "log.source.address", + "stream", + "input.type", + "syslog.severity_label", + "syslog.facility_label", + "process.program", + "log.flags", + "user_agent.os.full_name", + "fileset.name", + "icmp.code", + "icmp.type", + "igmp.type", + "azure.eventhub", + "azure.consumer_group", + "kafka.topic", + "kafka.key", + "activemq.caller", + "activemq.thread", + "activemq.user", + "activemq.log.stack_trace", + "apache.access.ssl.protocol", + "apache.access.ssl.cipher", + "apache.error.module", + "user.terminal", + "user.audit.id", + "user.audit.name", + "user.audit.group.id", + "user.audit.group.name", + "user.effective.id", + "user.effective.name", + "user.effective.group.id", + "user.effective.group.name", + "user.filesystem.id", + "user.filesystem.name", + "user.filesystem.group.id", + "user.filesystem.group.name", + "user.owner.id", + "user.owner.name", + "user.owner.group.id", + "user.owner.group.name", + "user.saved.id", + "user.saved.name", + "user.saved.group.id", + "user.saved.group.name", + "auditd.log.old_auid", + "auditd.log.new_auid", + "auditd.log.old_ses", + "auditd.log.new_ses", + "auditd.log.items", + "auditd.log.item", + "auditd.log.tty", + "auditd.log.a0", + "azure.subscription_id", + "azure.correlation_id", + "azure.tenant_id", + "azure.resource.id", + "azure.resource.group", + "azure.resource.provider", + "azure.resource.namespace", + "azure.resource.name", + "azure.resource.authorization_rule", + "cisco.asa.message_id", + "cisco.asa.suffix", + "cisco.asa.source_interface", + "cisco.asa.destination_interface", + "cisco.asa.rule_name", + "cisco.asa.source_username", + "cisco.asa.destination_username", + "cisco.asa.threat_level", + "cisco.asa.threat_category", + "cisco.asa.connection_id", + "cisco.ftd.message_id", + "cisco.ftd.suffix", + "cisco.ftd.source_interface", + "cisco.ftd.destination_interface", + "cisco.ftd.rule_name", + "cisco.ftd.source_username", + "cisco.ftd.destination_username", + "cisco.ftd.threat_level", + "cisco.ftd.threat_category", + "cisco.ftd.connection_id", + "cisco.ios.access_list", + "cisco.ios.facility", + "cisco.umbrella.identities", + "cisco.umbrella.categories", + "cisco.umbrella.policy_identity_type", + "cisco.umbrella.identity_types", + "cisco.umbrella.blocked_categories", + "cisco.umbrella.content_type", + "cisco.umbrella.sha_sha256", + "cisco.umbrella.av_detections", + "cisco.umbrella.puas", + "cisco.umbrella.amp_disposition", + "cisco.umbrella.amp_malware_name", + "cisco.umbrella.amp_score", + "cisco.umbrella.datacenter", + "cisco.umbrella.origin_id", + "coredns.id", + "coredns.query.class", + "coredns.query.name", + "coredns.query.type", + "coredns.response.code", + "coredns.response.flags", + "cef.version", + "cef.device.vendor", + "cef.device.product", + "cef.device.version", + "cef.device.event_class_id", + "cef.severity", + "cef.name", + "source.service.name", + "destination.service.name", + "elasticsearch.component", + "elasticsearch.cluster.uuid", + "elasticsearch.cluster.name", + "elasticsearch.node.id", + "elasticsearch.node.name", + "elasticsearch.index.name", + "elasticsearch.index.id", + "elasticsearch.shard.id", + "elasticsearch.audit.layer", + "elasticsearch.audit.event_type", + "elasticsearch.audit.origin.type", + "elasticsearch.audit.realm", + "elasticsearch.audit.user.realm", + "elasticsearch.audit.user.roles", + "elasticsearch.audit.action", + "elasticsearch.audit.url.params", + "elasticsearch.audit.indices", + "elasticsearch.audit.request.id", + "elasticsearch.audit.request.name", + "elasticsearch.audit.message", + "elasticsearch.gc.phase.name", + "elasticsearch.gc.tags", + "elasticsearch.slowlog.logger", + "elasticsearch.slowlog.took", + "elasticsearch.slowlog.types", + "elasticsearch.slowlog.stats", + "elasticsearch.slowlog.search_type", + "elasticsearch.slowlog.source_query", + "elasticsearch.slowlog.extra_source", + "elasticsearch.slowlog.total_hits", + "elasticsearch.slowlog.total_shards", + "elasticsearch.slowlog.routing", + "elasticsearch.slowlog.id", + "elasticsearch.slowlog.type", + "elasticsearch.slowlog.source", + "envoyproxy.log_type", + "envoyproxy.response_flags", + "envoyproxy.request_id", + "envoyproxy.authority", + "envoyproxy.proxy_type", + "fortinet.file.hash.crc32", + "googlecloud.destination.instance.project_id", + "googlecloud.destination.instance.region", + "googlecloud.destination.instance.zone", + "googlecloud.destination.vpc.project_id", + "googlecloud.destination.vpc.vpc_name", + "googlecloud.destination.vpc.subnetwork_name", + "googlecloud.source.instance.project_id", + "googlecloud.source.instance.region", + "googlecloud.source.instance.zone", + "googlecloud.source.vpc.project_id", + "googlecloud.source.vpc.vpc_name", + "googlecloud.source.vpc.subnetwork_name", + "googlecloud.audit.type", + "googlecloud.audit.authentication_info.principal_email", + "googlecloud.audit.authentication_info.authority_selector", + "googlecloud.audit.method_name", + "googlecloud.audit.request.proto_name", + "googlecloud.audit.request.filter", + "googlecloud.audit.request.name", + "googlecloud.audit.request.resource_name", + "googlecloud.audit.request_metadata.caller_supplied_user_agent", + "googlecloud.audit.response.proto_name", + "googlecloud.audit.response.details.group", + "googlecloud.audit.response.details.kind", + "googlecloud.audit.response.details.name", + "googlecloud.audit.response.details.uid", + "googlecloud.audit.response.status", + "googlecloud.audit.resource_name", + "googlecloud.audit.resource_location.current_locations", + "googlecloud.audit.service_name", + "googlecloud.audit.status.message", + "googlecloud.firewall.rule_details.action", + "googlecloud.firewall.rule_details.direction", + "googlecloud.firewall.rule_details.reference", + "googlecloud.firewall.rule_details.source_range", + "googlecloud.firewall.rule_details.destination_range", + "googlecloud.firewall.rule_details.source_tag", + "googlecloud.firewall.rule_details.target_tag", + "googlecloud.firewall.rule_details.source_service_account", + "googlecloud.firewall.rule_details.target_service_account", + "googlecloud.vpcflow.reporter", + "haproxy.frontend_name", + "haproxy.backend_name", + "haproxy.server_name", + "haproxy.bind_name", + "haproxy.error_message", + "haproxy.source", + "haproxy.termination_state", + "haproxy.mode", + "haproxy.http.response.captured_cookie", + "haproxy.http.response.captured_headers", + "haproxy.http.request.captured_cookie", + "haproxy.http.request.captured_headers", + "haproxy.http.request.raw_request_line", + "ibmmq.errorlog.installation", + "ibmmq.errorlog.qmgr", + "ibmmq.errorlog.arithinsert", + "ibmmq.errorlog.commentinsert", + "ibmmq.errorlog.errordescription", + "ibmmq.errorlog.explanation", + "ibmmq.errorlog.action", + "ibmmq.errorlog.code", + "icinga.debug.facility", + "icinga.main.facility", + "icinga.startup.facility", + "iis.access.site_name", + "iis.access.server_name", + "iis.access.cookie", + "iis.error.reason_phrase", + "iis.error.queue_name", + "iptables.fragment_flags", + "iptables.input_device", + "iptables.output_device", + "iptables.tcp.flags", + "iptables.ubiquiti.input_zone", + "iptables.ubiquiti.output_zone", + "iptables.ubiquiti.rule_number", + "iptables.ubiquiti.rule_set", + "kafka.log.component", + "kafka.log.class", + "kafka.log.thread", + "kafka.log.trace.class", + "kafka.log.trace.message", + "kibana.log.tags", + "kibana.log.state", + "logstash.log.module", + "text", + "logstash.log.thread", + "logstash.log.pipeline_id", + "logstash.slowlog.module", + "text", + "logstash.slowlog.thread", + "text", + "logstash.slowlog.event", + "logstash.slowlog.plugin_name", + "logstash.slowlog.plugin_type", + "text", + "logstash.slowlog.plugin_params", + "misp.attack_pattern.id", + "misp.attack_pattern.name", + "misp.attack_pattern.description", + "misp.attack_pattern.kill_chain_phases", + "misp.campaign.id", + "misp.campaign.name", + "misp.campaign.description", + "misp.campaign.aliases", + "misp.campaign.objective", + "misp.course_of_action.id", + "misp.course_of_action.name", + "misp.course_of_action.description", + "misp.identity.id", + "misp.identity.name", + "misp.identity.description", + "misp.identity.identity_class", + "misp.identity.labels", + "misp.identity.sectors", + "misp.identity.contact_information", + "misp.intrusion_set.id", + "misp.intrusion_set.name", + "misp.intrusion_set.description", + "misp.intrusion_set.aliases", + "misp.intrusion_set.goals", + "misp.intrusion_set.resource_level", + "misp.intrusion_set.primary_motivation", + "misp.intrusion_set.secondary_motivations", + "misp.malware.id", + "misp.malware.name", + "misp.malware.description", + "misp.malware.labels", + "misp.malware.kill_chain_phases", + "misp.note.id", + "misp.note.summary", + "misp.note.description", + "misp.note.authors", + "misp.note.object_refs", + "misp.threat_indicator.labels", + "misp.threat_indicator.id", + "misp.threat_indicator.version", + "misp.threat_indicator.type", + "misp.threat_indicator.description", + "misp.threat_indicator.feed", + "misp.threat_indicator.severity", + "misp.threat_indicator.confidence", + "misp.threat_indicator.kill_chain_phases", + "misp.threat_indicator.mitre_tactic", + "misp.threat_indicator.mitre_technique", + "misp.threat_indicator.attack_pattern", + "misp.threat_indicator.attack_pattern_kql", + "misp.threat_indicator.intrusion_set", + "misp.threat_indicator.campaign", + "misp.threat_indicator.threat_actor", + "misp.observed_data.id", + "misp.observed_data.objects", + "misp.report.id", + "misp.report.labels", + "misp.report.name", + "misp.report.description", + "misp.report.object_refs", + "misp.threat_actor.id", + "misp.threat_actor.labels", + "misp.threat_actor.name", + "misp.threat_actor.description", + "misp.threat_actor.aliases", + "misp.threat_actor.roles", + "misp.threat_actor.goals", + "misp.threat_actor.sophistication", + "misp.threat_actor.resource_level", + "misp.threat_actor.primary_motivation", + "misp.threat_actor.secondary_motivations", + "misp.threat_actor.personal_motivations", + "misp.tool.id", + "misp.tool.labels", + "misp.tool.name", + "misp.tool.description", + "misp.tool.tool_version", + "misp.tool.kill_chain_phases", + "misp.vulnerability.id", + "misp.vulnerability.name", + "misp.vulnerability.description", + "mongodb.log.component", + "mongodb.log.context", + "mssql.log.origin", + "mysql.slowlog.query", + "mysql.slowlog.schema", + "mysql.slowlog.current_user", + "mysql.slowlog.last_errno", + "mysql.slowlog.killed", + "mysql.slowlog.log_slow_rate_type", + "mysql.slowlog.log_slow_rate_limit", + "mysql.slowlog.innodb.trx_id", + "nats.log.msg.type", + "nats.log.msg.subject", + "nats.log.msg.reply_to", + "nats.log.msg.error.message", + "nats.log.msg.queue_group", + "netflow.type", + "netflow.exporter.address", + "netflow.source_mac_address", + "netflow.post_destination_mac_address", + "netflow.destination_mac_address", + "netflow.post_source_mac_address", + "netflow.interface_name", + "netflow.interface_description", + "netflow.sampler_name", + "netflow.application_description", + "netflow.application_name", + "netflow.class_name", + "netflow.wlan_ssid", + "netflow.vr_fname", + "netflow.metro_evc_id", + "netflow.nat_pool_name", + "netflow.p2p_technology", + "netflow.tunnel_technology", + "netflow.encrypted_technology", + "netflow.observation_domain_name", + "netflow.selector_name", + "netflow.information_element_description", + "netflow.information_element_name", + "netflow.virtual_station_interface_name", + "netflow.virtual_station_name", + "netflow.sta_mac_address", + "netflow.wtp_mac_address", + "netflow.user_name", + "netflow.application_category_name", + "netflow.application_sub_category_name", + "netflow.application_group_name", + "netflow.dot1q_customer_source_mac_address", + "netflow.dot1q_customer_destination_mac_address", + "netflow.mib_context_name", + "netflow.mib_object_name", + "netflow.mib_object_description", + "netflow.mib_object_syntax", + "netflow.mib_module_name", + "netflow.mobile_imsi", + "netflow.mobile_msisdn", + "netflow.http_request_method", + "netflow.http_request_host", + "netflow.http_request_target", + "netflow.http_message_version", + "netflow.http_user_agent", + "netflow.http_content_type", + "netflow.http_reason_phrase", + "nginx.ingress_controller.upstream_address_list", + "nginx.ingress_controller.upstream.response.length_list", + "nginx.ingress_controller.upstream.response.time_list", + "nginx.ingress_controller.upstream.response.status_code_list", + "nginx.ingress_controller.upstream.name", + "nginx.ingress_controller.upstream.alternative_name", + "nginx.ingress_controller.http.request.id", + "osquery.result.name", + "osquery.result.action", + "osquery.result.host_identifier", + "osquery.result.calendar_time", + "panw.panos.ruleset", + "panw.panos.source.zone", + "panw.panos.source.interface", + "panw.panos.destination.zone", + "panw.panos.destination.interface", + "panw.panos.endreason", + "panw.panos.network.pcap_id", + "panw.panos.network.nat.community_id", + "panw.panos.file.hash", + "panw.panos.url.category", + "panw.panos.flow_id", + "panw.panos.threat.resource", + "panw.panos.threat.id", + "panw.panos.threat.name", + "panw.panos.action", + "panw.panos.type", + "panw.panos.sub_type", + "postgresql.log.timestamp", + "postgresql.log.database", + "postgresql.log.query", + "postgresql.log.query_step", + "postgresql.log.query_name", + "rabbitmq.log.pid", + "redis.log.role", + "redis.slowlog.cmd", + "redis.slowlog.key", + "redis.slowlog.args", + "bucket_name", + "object_key", + "santa.action", + "santa.decision", + "santa.reason", + "santa.mode", + "santa.disk.volume", + "santa.disk.bus", + "santa.disk.serial", + "santa.disk.bsdname", + "santa.disk.model", + "santa.disk.fs", + "santa.disk.mount", + "santa.certificate.common_name", + "santa.certificate.sha256", + "suricata.eve.event_type", + "suricata.eve.app_proto_orig", + "suricata.eve.tcp.tcp_flags", + "suricata.eve.tcp.tcp_flags_tc", + "suricata.eve.tcp.state", + "suricata.eve.tcp.tcp_flags_ts", + "suricata.eve.fileinfo.sha1", + "suricata.eve.fileinfo.state", + "suricata.eve.fileinfo.sha256", + "suricata.eve.fileinfo.md5", + "suricata.eve.dns.type", + "suricata.eve.dns.rrtype", + "suricata.eve.dns.rrname", + "suricata.eve.dns.rdata", + "suricata.eve.dns.rcode", + "suricata.eve.flow_id", + "suricata.eve.email.status", + "suricata.eve.http.redirect", + "suricata.eve.http.protocol", + "suricata.eve.http.http_content_type", + "suricata.eve.in_iface", + "suricata.eve.alert.category", + "suricata.eve.alert.signature", + "suricata.eve.ssh.client.proto_version", + "suricata.eve.ssh.client.software_version", + "suricata.eve.ssh.server.proto_version", + "suricata.eve.ssh.server.software_version", + "suricata.eve.tls.issuerdn", + "suricata.eve.tls.sni", + "suricata.eve.tls.version", + "suricata.eve.tls.fingerprint", + "suricata.eve.tls.serial", + "suricata.eve.tls.subject", + "suricata.eve.app_proto_ts", + "suricata.eve.flow.state", + "suricata.eve.flow.reason", + "suricata.eve.app_proto_tc", + "suricata.eve.smtp.rcpt_to", + "suricata.eve.smtp.mail_from", + "suricata.eve.smtp.helo", + "suricata.eve.app_proto_expected", + "system.auth.ssh.method", + "system.auth.ssh.signature", + "system.auth.ssh.event", + "system.auth.sudo.error", + "system.auth.sudo.tty", + "system.auth.sudo.pwd", + "system.auth.sudo.user", + "system.auth.sudo.command", + "system.auth.useradd.home", + "system.auth.useradd.shell", + "traefik.access.user_identifier", + "traefik.access.frontend_name", + "traefik.access.backend_url", + "zeek.session_id", + "zeek.capture_loss.peer", + "zeek.dns.trans_id", + "zeek.dns.query", + "zeek.dns.qclass_name", + "zeek.dns.qtype_name", + "zeek.dns.rcode_name", + "zeek.dns.answers", + "zeek.files.fuid", + "zeek.files.session_ids", + "zeek.files.source", + "zeek.files.analyzers", + "zeek.files.mime_type", + "zeek.files.filename", + "zeek.files.parent_fuid", + "zeek.files.md5", + "zeek.files.sha1", + "zeek.files.sha256", + "zeek.files.extracted", + "zeek.http.status_msg", + "zeek.http.info_msg", + "zeek.http.tags", + "zeek.http.password", + "zeek.http.proxied", + "zeek.http.client_header_names", + "zeek.http.server_header_names", + "zeek.http.orig_fuids", + "zeek.http.orig_mime_types", + "zeek.http.orig_filenames", + "zeek.http.resp_fuids", + "zeek.http.resp_mime_types", + "zeek.http.resp_filenames", + "zeek.notice.connection_id", + "zeek.notice.icmp_id", + "zeek.notice.file.id", + "zeek.notice.file.parent_id", + "zeek.notice.file.source", + "zeek.notice.file.mime_type", + "zeek.notice.fuid", + "zeek.notice.note", + "zeek.notice.msg", + "zeek.notice.sub", + "zeek.notice.peer_name", + "zeek.notice.peer_descr", + "zeek.notice.actions", + "zeek.notice.email_body_sections", + "zeek.notice.email_delay_tokens", + "zeek.notice.identifier", + "fields.*" + ] + } + } + }, + "mappings" : { + "_meta" : { + "beat" : "filebeat", + "version" : "7.10.2" + }, + "dynamic_templates" : [ + { + "labels" : { + "path_match" : "labels.*", + "mapping" : { + "type" : "keyword" + }, + "match_mapping_type" : "string" + } + }, + { + "container.labels" : { + "path_match" : "container.labels.*", + "mapping" : { + "type" : "keyword" + }, + "match_mapping_type" : "string" + } + }, + { + "fields" : { + "path_match" : "fields.*", + "mapping" : { + "type" : "keyword" + }, + "match_mapping_type" : "string" + } + }, + { + "docker.container.labels" : { + "path_match" : "docker.container.labels.*", + "mapping" : { + "type" : "keyword" + }, + "match_mapping_type" : "string" + } + }, + { + "kubernetes.labels.*" : { + "path_match" : "kubernetes.labels.*", + "mapping" : { + "type" : "keyword" + }, + "match_mapping_type" : "*" + } + }, + { + "kubernetes.annotations.*" : { + "path_match" : "kubernetes.annotations.*", + "mapping" : { + "type" : "keyword" + }, + "match_mapping_type" : "*" + } + }, + { + "docker.attrs" : { + "path_match" : "docker.attrs.*", + "mapping" : { + "type" : "keyword" + }, + "match_mapping_type" : "string" + } + }, + { + "azure.activitylogs.identity.claims.*" : { + "path_match" : "azure.activitylogs.identity.claims.*", + "mapping" : { + "type" : "keyword" + }, + "match_mapping_type" : "*" + } + }, + { + "kibana.log.meta" : { + "path_match" : "kibana.log.meta.*", + "mapping" : { + "type" : "keyword" + }, + "match_mapping_type" : "string" + } + }, + { + "strings_as_keyword" : { + "mapping" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "match_mapping_type" : "string" + } + } + ], + "properties" : { + "container" : { + "properties" : { + "image" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tag" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "runtime" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "labels" : { + "type" : "object" + } + } + }, + "awscloudwatch" : { + "properties" : { + "log_group" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ingestion_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_stream" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "icinga" : { + "properties" : { + "debug" : { + "properties" : { + "facility" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "startup" : { + "properties" : { + "facility" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "main" : { + "properties" : { + "facility" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "icmp" : { + "properties" : { + "code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "redis" : { + "properties" : { + "log" : { + "properties" : { + "role" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "slowlog" : { + "properties" : { + "duration" : { + "properties" : { + "us" : { + "type" : "long" + } + } + }, + "args" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cmd" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "type" : "long" + }, + "key" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "observer" : { + "properties" : { + "product" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "os" : { + "properties" : { + "kernel" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "family" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "platform" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "full" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + } + } + }, + "ip" : { + "type" : "ip" + }, + "serial_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "egress" : { + "type" : "object", + "properties" : { + "vlan" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "zone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "interface" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alias" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "geo" : { + "properties" : { + "region_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "continent_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "city_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "location" : { + "type" : "geo_point" + }, + "region_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "ingress" : { + "type" : "object", + "properties" : { + "vlan" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "zone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "interface" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alias" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "hostname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vendor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "elasticsearch" : { + "properties" : { + "cluster" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "node" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "server" : { + "properties" : { + "stacktrace" : { + "ignore_above" : 1024, + "index" : false, + "type" : "keyword" + }, + "gc" : { + "properties" : { + "overhead_seq" : { + "type" : "long" + }, + "young" : { + "properties" : { + "one" : { + "type" : "long" + }, + "two" : { + "type" : "long" + } + } + }, + "observation_duration" : { + "properties" : { + "ms" : { + "type" : "float" + } + } + }, + "collection_duration" : { + "properties" : { + "ms" : { + "type" : "float" + } + } + } + } + } + } + }, + "component" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "audit" : { + "properties" : { + "request" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "indices" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "origin" : { + "properties" : { + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "realm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message" : { + "norms" : false, + "type" : "text" + }, + "user" : { + "properties" : { + "roles" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "realm" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "layer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "url" : { + "properties" : { + "params" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "slowlog" : { + "properties" : { + "took" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "total_shards" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "types" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "logger" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "search_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "routing" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_query" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "total_hits" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "stats" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extra_source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "index" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "shard" : { + "properties" : { + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "deprecation" : { + "properties" : { } + }, + "gc" : { + "properties" : { + "phase" : { + "properties" : { + "cpu_time" : { + "properties" : { + "real_sec" : { + "type" : "float" + }, + "sys_sec" : { + "type" : "float" + }, + "user_sec" : { + "type" : "float" + } + } + }, + "scrub_symbol_table_time_sec" : { + "type" : "float" + }, + "scrub_string_table_time_sec" : { + "type" : "float" + }, + "weak_refs_processing_time_sec" : { + "type" : "float" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "parallel_rescan_time_sec" : { + "type" : "float" + }, + "class_unload_time_sec" : { + "type" : "float" + }, + "duration_sec" : { + "type" : "float" + } + } + }, + "jvm_runtime_sec" : { + "type" : "float" + }, + "stopping_threads_time_sec" : { + "type" : "float" + }, + "old_gen" : { + "properties" : { + "size_kb" : { + "type" : "long" + }, + "used_kb" : { + "type" : "long" + } + } + }, + "young_gen" : { + "properties" : { + "size_kb" : { + "type" : "long" + }, + "used_kb" : { + "type" : "long" + } + } + }, + "threads_total_stop_time_sec" : { + "type" : "float" + }, + "heap" : { + "properties" : { + "size_kb" : { + "type" : "long" + }, + "used_kb" : { + "type" : "long" + } + } + }, + "tags" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "kibana" : { + "properties" : { + "log" : { + "properties" : { + "meta" : { + "type" : "object" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tags" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "azure" : { + "properties" : { + "tenant_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "consumer_group" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "auditlogs" : { + "properties" : { + "operation_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tenant_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "operation_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "identity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "result_signature" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "properties" : { + "properties" : { + "initiated_by" : { + "properties" : { + "app" : { + "properties" : { + "servicePrincipalName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "displayName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "appId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "servicePrincipalId" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "user" : { + "properties" : { + "displayName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ipAddress" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "userPrincipalName" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "result" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "logged_by_service" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "activity_display_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "operation_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "correlation_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "activity_datetime" : { + "type" : "date" + }, + "target_resources" : { + "properties" : { + "*" : { + "properties" : { + "user_principal_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "modified_properties" : { + "properties" : { + "*" : { + "properties" : { + "old_value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "display_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "new_value" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ip_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "display_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "result_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "offset" : { + "type" : "long" + }, + "resource" : { + "properties" : { + "provider" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "namespace" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "authorization_rule" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "eventhub" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "enqueued_time" : { + "type" : "date" + }, + "subscription_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sequence_number" : { + "type" : "long" + }, + "partition_id" : { + "type" : "long" + }, + "signinlogs" : { + "properties" : { + "tenant_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "operation_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "result_description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "result_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "operation_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "identity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "result_signature" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "properties" : { + "properties" : { + "risk_level_aggregated" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client_app_used" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "is_interactive" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "service_principal_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "risk_level_during_signin" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app_display_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "created_at" : { + "type" : "date" + }, + "ip_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device_detail" : { + "properties" : { + "device_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "browser" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "operating_system" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trust_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "display_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "risk_detail" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resource_display_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "token_issuer_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "risk_state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_principal_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "token_issuer_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "processing_time_ms" : { + "type" : "float" + }, + "original_request_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "conditional_access_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "correlation_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_display_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "properties" : { + "error_code" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + } + } + }, + "correlation_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "activitylogs" : { + "properties" : { + "operation_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "result_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "identity" : { + "properties" : { + "authorization" : { + "properties" : { + "evidence" : { + "properties" : { + "role_definition_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "role" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "role_assignment_scope" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "role_assignment_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "principal_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "principal_id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "scope" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "claims" : { + "properties" : { + "*" : { + "type" : "object" + } + } + }, + "claims_initiated_by_user" : { + "properties" : { + "schema" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "givenname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "surname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fullname" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "result_signature" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "properties" : { + "properties" : { + "status_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "service_request_id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + } + } + }, + "bucket_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dns" : { + "properties" : { + "op_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resolved_ip" : { + "type" : "ip" + }, + "response_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "question" : { + "properties" : { + "registered_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "top_level_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subdomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "class" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "answers" : { + "type" : "object", + "properties" : { + "data" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "class" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ttl" : { + "type" : "long" + } + } + }, + "header_flags" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "zeek" : { + "properties" : { + "ocsp" : { + "properties" : { + "file_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "revoke" : { + "properties" : { + "reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "time" : { + "type" : "date" + } + } + }, + "update" : { + "properties" : { + "next" : { + "type" : "date" + }, + "this" : { + "type" : "date" + } + } + }, + "serial_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "properties" : { + "issuer" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "key" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "capture_loss" : { + "properties" : { + "peer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "acks" : { + "type" : "long" + }, + "ts_delta" : { + "type" : "long" + }, + "gaps" : { + "type" : "long" + }, + "percent_lost" : { + "type" : "double" + } + } + }, + "ssh" : { + "properties" : { + "server" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_key" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "auth" : { + "properties" : { + "success" : { + "type" : "boolean" + }, + "attempts" : { + "type" : "long" + } + } + }, + "client" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "type" : "long" + }, + "algorithm" : { + "properties" : { + "cipher" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_key" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "compression" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "key_exchange" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mac" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "direction" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "syslog" : { + "properties" : { + "severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "facility" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "snmp" : { + "properties" : { + "duration" : { + "type" : "double" + }, + "set" : { + "properties" : { + "requests" : { + "type" : "long" + } + } + }, + "up_since" : { + "type" : "date" + }, + "get" : { + "properties" : { + "responses" : { + "type" : "long" + }, + "bulk_requests" : { + "type" : "long" + }, + "requests" : { + "type" : "long" + } + } + }, + "display_string" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "community" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "kerberos" : { + "properties" : { + "valid" : { + "properties" : { + "days" : { + "type" : "long" + }, + "from" : { + "type" : "date" + }, + "until" : { + "type" : "date" + } + } + }, + "cipher" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "request_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ticket" : { + "properties" : { + "new" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "auth" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "service" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "success" : { + "type" : "boolean" + }, + "renewable" : { + "type" : "boolean" + }, + "client" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert" : { + "properties" : { + "server" : { + "properties" : { + "subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "value" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "client" : { + "properties" : { + "subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "value" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "error" : { + "properties" : { + "msg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "code" : { + "type" : "long" + } + } + }, + "forwardable" : { + "type" : "boolean" + } + } + }, + "ssl" : { + "properties" : { + "established" : { + "type" : "boolean" + }, + "cipher" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "server" : { + "properties" : { + "subject" : { + "properties" : { + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "cert_chain_fuids" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert_chain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "issuer" : { + "properties" : { + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "curve" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "next_protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client" : { + "properties" : { + "subject" : { + "properties" : { + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "cert_chain_fuids" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert_chain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "issuer" : { + "properties" : { + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "last_alert" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resumed" : { + "type" : "boolean" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "validation" : { + "properties" : { + "code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "stats" : { + "properties" : { + "dns_requests" : { + "properties" : { + "count" : { + "type" : "long" + }, + "active" : { + "type" : "long" + } + } + }, + "timers" : { + "properties" : { + "count" : { + "type" : "long" + }, + "active" : { + "type" : "long" + } + } + }, + "memory" : { + "type" : "long" + }, + "peer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bytes" : { + "properties" : { + "received" : { + "type" : "long" + } + } + }, + "timestamp_lag" : { + "type" : "long" + }, + "reassembly_size" : { + "properties" : { + "tcp" : { + "type" : "long" + }, + "frag" : { + "type" : "long" + }, + "file" : { + "type" : "long" + }, + "unknown" : { + "type" : "long" + } + } + }, + "files" : { + "properties" : { + "count" : { + "type" : "long" + }, + "active" : { + "type" : "long" + } + } + }, + "packets" : { + "properties" : { + "processed" : { + "type" : "long" + }, + "dropped" : { + "type" : "long" + }, + "received" : { + "type" : "long" + } + } + }, + "events" : { + "properties" : { + "processed" : { + "type" : "long" + }, + "queued" : { + "type" : "long" + } + } + }, + "connections" : { + "properties" : { + "tcp" : { + "properties" : { + "count" : { + "type" : "long" + }, + "active" : { + "type" : "long" + } + } + }, + "udp" : { + "properties" : { + "count" : { + "type" : "long" + }, + "active" : { + "type" : "long" + } + } + }, + "icmp" : { + "properties" : { + "count" : { + "type" : "long" + }, + "active" : { + "type" : "long" + } + } + } + } + } + } + }, + "dpd" : { + "properties" : { + "analyzer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "failure_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "packet_segment" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "mysql" : { + "properties" : { + "success" : { + "type" : "boolean" + }, + "response" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "arg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cmd" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rows" : { + "type" : "long" + } + } + }, + "connection" : { + "properties" : { + "local_resp" : { + "type" : "boolean" + }, + "vlan" : { + "type" : "long" + }, + "inner_vlan" : { + "type" : "long" + }, + "local_orig" : { + "type" : "boolean" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "history" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "missed_bytes" : { + "type" : "long" + }, + "icmp" : { + "properties" : { + "code" : { + "type" : "long" + }, + "type" : { + "type" : "long" + } + } + }, + "state_message" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "irc" : { + "properties" : { + "nick" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dcc" : { + "properties" : { + "file" : { + "properties" : { + "size" : { + "type" : "long" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "mime_type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "addl" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "command" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "sip" : { + "properties" : { + "date" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "request" : { + "properties" : { + "path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "from" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "body_length" : { + "type" : "long" + } + } + }, + "subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uri" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "transaction_depth" : { + "type" : "long" + }, + "call_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sequence" : { + "properties" : { + "number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "method" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "reply_to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "content_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "response" : { + "properties" : { + "path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "from" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "body_length" : { + "type" : "long" + } + } + }, + "warning" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_agent" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "properties" : { + "msg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "code" : { + "type" : "long" + } + } + } + } + }, + "radius" : { + "properties" : { + "result" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "remote_ip" : { + "type" : "ip" + }, + "connect_info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "logged" : { + "type" : "boolean" + }, + "reply_msg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "framed_addr" : { + "type" : "ip" + }, + "ttl" : { + "type" : "long" + }, + "mac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "username" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "dhcp" : { + "properties" : { + "msg" : { + "properties" : { + "server" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "types" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "origin" : { + "type" : "ip" + }, + "client" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "duration" : { + "type" : "double" + }, + "hostname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "address" : { + "properties" : { + "server" : { + "type" : "ip" + }, + "requested" : { + "type" : "ip" + }, + "client" : { + "type" : "ip" + }, + "assigned" : { + "type" : "ip" + }, + "mac" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "software" : { + "properties" : { + "server" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "lease_time" : { + "type" : "long" + }, + "client_fqdn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "properties" : { + "circuit" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subscriber" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "remote_agent" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "notice" : { + "properties" : { + "suppress_for" : { + "type" : "double" + }, + "msg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "note" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sub" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "identifier" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_delay_tokens" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dropped" : { + "type" : "boolean" + }, + "false" : { + "type" : "long" + }, + "email_body_sections" : { + "norms" : false, + "type" : "text" + }, + "ffile" : { + "properties" : { + "total_bytes" : { + "type" : "long" + } + } + }, + "peer_descr" : { + "norms" : false, + "type" : "text" + }, + "icmp_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "file" : { + "properties" : { + "mime_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "parent_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "is_orig" : { + "type" : "boolean" + }, + "seen_bytes" : { + "type" : "long" + }, + "missing_bytes" : { + "type" : "long" + }, + "overflow_bytes" : { + "type" : "long" + } + } + }, + "connection_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "peer_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "actions" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "dnp3" : { + "properties" : { + "function" : { + "properties" : { + "request" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reply" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "id" : { + "type" : "long" + } + } + }, + "ftp" : { + "properties" : { + "cmdarg" : { + "properties" : { + "arg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cmd" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "seq" : { + "type" : "long" + } + } + }, + "last_auth_requested" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "passive" : { + "type" : "boolean" + }, + "command" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cwd" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "data_channel" : { + "properties" : { + "response_port" : { + "type" : "long" + }, + "response_host" : { + "type" : "ip" + }, + "originating_host" : { + "type" : "ip" + }, + "passive" : { + "type" : "boolean" + } + } + }, + "password" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "file" : { + "properties" : { + "size" : { + "type" : "long" + }, + "mime_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fuid" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "pending_commands" : { + "type" : "long" + }, + "capture_password" : { + "type" : "boolean" + }, + "arg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reply" : { + "properties" : { + "msg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "code" : { + "type" : "long" + } + } + }, + "user" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "smtp" : { + "properties" : { + "date" : { + "type" : "date" + }, + "cc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "x_originating_ip" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "second_received" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mail_from" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "transaction_depth" : { + "type" : "long" + }, + "in_reply_to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "helo" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "path" : { + "type" : "ip" + }, + "rcpt_to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reply_to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "process_received_from" : { + "type" : "boolean" + }, + "has_client_activity" : { + "type" : "boolean" + }, + "is_webmail" : { + "type" : "boolean" + }, + "last_reply" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tls" : { + "type" : "boolean" + }, + "from" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "msg_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "first_received" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fuids" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_agent" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "socks" : { + "properties" : { + "request" : { + "properties" : { + "port" : { + "type" : "long" + }, + "host" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "password" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bound" : { + "properties" : { + "port" : { + "type" : "long" + }, + "host" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "capture_password" : { + "type" : "boolean" + }, + "version" : { + "type" : "long" + }, + "user" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "dns" : { + "properties" : { + "AA" : { + "type" : "boolean" + }, + "TTLs" : { + "type" : "double" + }, + "qclass_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "qtype_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "qtype" : { + "type" : "long" + }, + "rejected" : { + "type" : "boolean" + }, + "query" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "total_replies" : { + "type" : "long" + }, + "answers" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trans_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rcode" : { + "type" : "long" + }, + "TC" : { + "type" : "boolean" + }, + "RA" : { + "type" : "boolean" + }, + "rcode_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "RD" : { + "type" : "boolean" + }, + "saw_query" : { + "type" : "boolean" + }, + "rtt" : { + "type" : "double" + }, + "saw_reply" : { + "type" : "boolean" + }, + "total_answers" : { + "type" : "long" + }, + "qclass" : { + "type" : "long" + } + } + }, + "session_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "smb_files" : { + "properties" : { + "fid" : { + "type" : "long" + }, + "path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "times" : { + "properties" : { + "created" : { + "type" : "date" + }, + "modified" : { + "type" : "date" + }, + "accessed" : { + "type" : "date" + }, + "changed" : { + "type" : "date" + } + } + }, + "size" : { + "type" : "long" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "previous_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "intel" : { + "properties" : { + "sources" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "file_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "matched" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "file_mime_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "seen" : { + "properties" : { + "indicator" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "node" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "conn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "f" : { + "type" : "object" + }, + "host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "where" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "indicator_type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "rfb" : { + "properties" : { + "auth" : { + "properties" : { + "method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "success" : { + "type" : "boolean" + } + } + }, + "width" : { + "type" : "long" + }, + "share_flag" : { + "type" : "boolean" + }, + "version" : { + "properties" : { + "server" : { + "properties" : { + "minor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "major" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "client" : { + "properties" : { + "major" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "minor" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "desktop_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "height" : { + "type" : "long" + } + } + }, + "x509" : { + "properties" : { + "log_cert" : { + "type" : "boolean" + }, + "san" : { + "properties" : { + "other_fields" : { + "type" : "boolean" + }, + "ip" : { + "type" : "ip" + }, + "dns" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uri" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "certificate" : { + "properties" : { + "valid" : { + "properties" : { + "from" : { + "type" : "date" + }, + "until" : { + "type" : "date" + } + } + }, + "serial" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "curve" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subject" : { + "properties" : { + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "signature_algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "type" : "long" + }, + "issuer" : { + "properties" : { + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "key" : { + "properties" : { + "length" : { + "type" : "long" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "exponent" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "basic_constraints" : { + "properties" : { + "certificate_authority" : { + "type" : "boolean" + }, + "path_length" : { + "type" : "long" + } + } + } + } + }, + "weird" : { + "properties" : { + "identifier" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "additional_info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "peer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "notice" : { + "type" : "boolean" + } + } + }, + "ntlm" : { + "properties" : { + "server" : { + "properties" : { + "name" : { + "properties" : { + "dns" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tree" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "netbios" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "hostname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "success" : { + "type" : "boolean" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "username" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "modbus" : { + "properties" : { + "exception" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "function" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "track_address" : { + "type" : "long" + } + } + }, + "pe" : { + "properties" : { + "compile_time" : { + "type" : "date" + }, + "uses_aslr" : { + "type" : "boolean" + }, + "os" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subsystem" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "section_names" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "has_export_table" : { + "type" : "boolean" + }, + "is_64bit" : { + "type" : "boolean" + }, + "uses_dep" : { + "type" : "boolean" + }, + "has_cert_table" : { + "type" : "boolean" + }, + "has_import_table" : { + "type" : "boolean" + }, + "has_debug_data" : { + "type" : "boolean" + }, + "uses_seh" : { + "type" : "boolean" + }, + "is_exe" : { + "type" : "boolean" + }, + "machine" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uses_code_integrity" : { + "type" : "boolean" + } + } + }, + "dce_rpc" : { + "properties" : { + "named_pipe" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "endpoint" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rtt" : { + "type" : "long" + }, + "operation" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "smb_mapping" : { + "properties" : { + "path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "share_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "service" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "native_file_system" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "files" : { + "properties" : { + "timedout" : { + "type" : "boolean" + }, + "sha256" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tx_host" : { + "type" : "ip" + }, + "source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extracted" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "duration" : { + "type" : "double" + }, + "entropy" : { + "type" : "double" + }, + "analyzers" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "total_bytes" : { + "type" : "long" + }, + "fuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "seen_bytes" : { + "type" : "long" + }, + "missing_bytes" : { + "type" : "long" + }, + "session_ids" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "parent_fuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "local_orig" : { + "type" : "boolean" + }, + "is_orig" : { + "type" : "boolean" + }, + "extracted_cutoff" : { + "type" : "boolean" + }, + "overflow_bytes" : { + "type" : "long" + }, + "sha1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filename" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "depth" : { + "type" : "long" + }, + "mime_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rx_host" : { + "type" : "ip" + }, + "md5" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extracted_size" : { + "type" : "long" + } + } + }, + "http" : { + "properties" : { + "orig_mime_depth" : { + "type" : "long" + }, + "server_header_names" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resp_mime_depth" : { + "type" : "long" + }, + "proxied" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "orig_mime_types" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tags" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "info_msg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resp_mime_types" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trans_depth" : { + "type" : "long" + }, + "password" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client_header_names" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "orig_fuids" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "orig_filenames" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "range_request" : { + "type" : "boolean" + }, + "captured_password" : { + "type" : "boolean" + }, + "status_msg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resp_filenames" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "info_code" : { + "type" : "long" + }, + "resp_fuids" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "smb_cmd" : { + "properties" : { + "argument" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "file" : { + "properties" : { + "uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host" : { + "properties" : { + "tx" : { + "type" : "ip" + }, + "rx" : { + "type" : "ip" + } + } + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "rtt" : { + "type" : "double" + }, + "tree_service" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "smb2_offered_dialects" : { + "type" : "long" + }, + "smb1_offered_dialects" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tree" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sub_command" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "command" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "username" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "tunnel" : { + "properties" : { + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "rdp" : { + "properties" : { + "result" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "desktop" : { + "properties" : { + "width" : { + "type" : "long" + }, + "color_depth" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "height" : { + "type" : "long" + } + } + }, + "encryption" : { + "properties" : { + "method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "level" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "cookie" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "security_protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client" : { + "properties" : { + "build" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "product_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "cert" : { + "properties" : { + "permanent" : { + "type" : "boolean" + }, + "count" : { + "type" : "long" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "ssl" : { + "type" : "boolean" + }, + "done" : { + "type" : "boolean" + }, + "keyboard_layout" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "vulnerability" : { + "properties" : { + "severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reference" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "score" : { + "properties" : { + "environmental" : { + "type" : "float" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "temporal" : { + "type" : "float" + }, + "base" : { + "type" : "float" + } + } + }, + "report_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scanner" : { + "properties" : { + "vendor" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "description" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "enumeration" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "classification" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "juniper" : { + "properties" : { + "srx" : { + "properties" : { + "src_nat_rule_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dst_vrf_grp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "connection_tag" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "connection_hit_rate" : { + "type" : "long" + }, + "logical_system_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "temporary_filename" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "context_value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "repeat_count" : { + "type" : "long" + }, + "context_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "inbound_bytes" : { + "type" : "long" + }, + "file_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "feed_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "profile_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hostname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "routing_instance" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "application_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client_ip" : { + "type" : "ip" + }, + "action_detail" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "peer_destination_port" : { + "type" : "long" + }, + "inbound_packets" : { + "type" : "long" + }, + "tag" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "src_vrf_grp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "error_message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "service_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uplink_tx_bytes" : { + "type" : "long" + }, + "uplink_rx_bytes" : { + "type" : "long" + }, + "profile" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "index" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sample_sha256" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "verdict_number" : { + "type" : "long" + }, + "message_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "protocol_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dscp_value" : { + "type" : "long" + }, + "export_id" : { + "type" : "long" + }, + "peer_destination_address" : { + "type" : "ip" + }, + "dst_nat_rule_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filename" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "error_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "verdict_source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "epoch_time" : { + "type" : "date" + }, + "application_sub_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tenant_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmp_type" : { + "type" : "long" + }, + "application_characteristics" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "file_hash_lookup" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sub_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "occur_count" : { + "type" : "long" + }, + "roles" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "peer_source_address" : { + "type" : "ip" + }, + "time_count" : { + "type" : "long" + }, + "time_scope" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "peer_source_port" : { + "type" : "long" + }, + "alert" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "context_value_hit_rate" : { + "type" : "long" + }, + "elapsed_time" : { + "type" : "date" + }, + "packet_log_id" : { + "type" : "long" + }, + "apbr_rule_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "peer_session_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "secure_web_proxy_session_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nat_connection_tag" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "src_nat_rule_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "timestamp" : { + "type" : "date" + }, + "application_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "process" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "threat_severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "context_hit_rate" : { + "type" : "long" + }, + "outbound_packets" : { + "type" : "long" + }, + "file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ddos_application_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "policy_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "session_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "malware_info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dst_nat_rule_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nested_application" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "attack_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "application" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "encrypted" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "th" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ruleebase_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "obj" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "session_id_32" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "outbound_bytes" : { + "type" : "long" + }, + "time_period" : { + "type" : "long" + }, + "username" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "protocol_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "labels" : { + "type" : "object" + }, + "tags" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "input" : { + "properties" : { + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + } + } + } + } + }, + "system" : { + "properties" : { + "auth" : { + "properties" : { + "ssh" : { + "properties" : { + "geoip" : { + "properties" : { } + }, + "dropped_ip" : { + "type" : "ip" + }, + "method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "signature" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "sudo" : { + "properties" : { + "tty" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "error" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pwd" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "command" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "useradd" : { + "properties" : { + "shell" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "home" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "groupadd" : { + "properties" : { } + } + } + }, + "syslog" : { + "properties" : { } + } + } + }, + "kafka" : { + "properties" : { + "partition" : { + "type" : "long" + }, + "offset" : { + "type" : "long" + }, + "log" : { + "properties" : { + "component" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trace" : { + "properties" : { + "message" : { + "norms" : false, + "type" : "text" + }, + "class" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "thread" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "class" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "block_timestamp" : { + "type" : "date" + }, + "topic" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "key" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "suricata" : { + "properties" : { + "eve" : { + "properties" : { + "icmp_type" : { + "type" : "long" + }, + "flags" : { + "properties" : { } + }, + "ssh" : { + "properties" : { + "server" : { + "properties" : { + "proto_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "software_version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "client" : { + "properties" : { + "proto_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "software_version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "app_proto_orig" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "src_ip" : { + "path" : "source.ip", + "type" : "alias" + }, + "event_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alert" : { + "properties" : { + "severity" : { + "path" : "event.severity", + "type" : "alias" + }, + "signature_id" : { + "type" : "long" + }, + "rev" : { + "type" : "long" + }, + "gid" : { + "type" : "long" + }, + "signature" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action" : { + "path" : "event.outcome", + "type" : "alias" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "stats" : { + "properties" : { + "defrag" : { + "properties" : { + "max_frag_hits" : { + "type" : "long" + }, + "ipv4" : { + "properties" : { + "reassembled" : { + "type" : "long" + }, + "timeouts" : { + "type" : "long" + }, + "fragments" : { + "type" : "long" + } + } + }, + "ipv6" : { + "properties" : { + "reassembled" : { + "type" : "long" + }, + "timeouts" : { + "type" : "long" + }, + "fragments" : { + "type" : "long" + } + } + } + } + }, + "tcp" : { + "properties" : { + "insert_data_overlap_fail" : { + "type" : "long" + }, + "invalid_checksum" : { + "type" : "long" + }, + "ssn_memcap_drop" : { + "type" : "long" + }, + "sessions" : { + "type" : "long" + }, + "overlap_diff_data" : { + "type" : "long" + }, + "syn" : { + "type" : "long" + }, + "stream_depth_reached" : { + "type" : "long" + }, + "segment_memcap_drop" : { + "type" : "long" + }, + "no_flow" : { + "type" : "long" + }, + "memuse" : { + "type" : "long" + }, + "pseudo_failed" : { + "type" : "long" + }, + "reassembly_gap" : { + "type" : "long" + }, + "rst" : { + "type" : "long" + }, + "overlap" : { + "type" : "long" + }, + "insert_list_fail" : { + "type" : "long" + }, + "synack" : { + "type" : "long" + }, + "pseudo" : { + "type" : "long" + }, + "reassembly_memuse" : { + "type" : "long" + }, + "insert_data_normal_fail" : { + "type" : "long" + } + } + }, + "app_layer" : { + "properties" : { + "tx" : { + "properties" : { + "dcerpc_udp" : { + "type" : "long" + }, + "dcerpc_tcp" : { + "type" : "long" + }, + "ftp" : { + "type" : "long" + }, + "smtp" : { + "type" : "long" + }, + "ssh" : { + "type" : "long" + }, + "http" : { + "type" : "long" + }, + "smb" : { + "type" : "long" + }, + "tls" : { + "type" : "long" + }, + "dns_udp" : { + "type" : "long" + }, + "dns_tcp" : { + "type" : "long" + } + } + }, + "flow" : { + "properties" : { + "dcerpc_udp" : { + "type" : "long" + }, + "imap" : { + "type" : "long" + }, + "dcerpc_tcp" : { + "type" : "long" + }, + "ftp" : { + "type" : "long" + }, + "smtp" : { + "type" : "long" + }, + "smb" : { + "type" : "long" + }, + "ssh" : { + "type" : "long" + }, + "msn" : { + "type" : "long" + }, + "failed_udp" : { + "type" : "long" + }, + "failed_tcp" : { + "type" : "long" + }, + "dns_udp" : { + "type" : "long" + }, + "dns_tcp" : { + "type" : "long" + }, + "http" : { + "type" : "long" + }, + "tls" : { + "type" : "long" + } + } + } + } + }, + "dns" : { + "properties" : { + "memuse" : { + "type" : "long" + }, + "memcap_state" : { + "type" : "long" + }, + "memcap_global" : { + "type" : "long" + } + } + }, + "detect" : { + "properties" : { + "alert" : { + "type" : "long" + } + } + }, + "http" : { + "properties" : { + "memuse" : { + "type" : "long" + }, + "memcap" : { + "type" : "long" + } + } + }, + "capture" : { + "properties" : { + "kernel_drops" : { + "type" : "long" + }, + "kernel_ifdrops" : { + "type" : "long" + }, + "kernel_packets" : { + "type" : "long" + } + } + }, + "decoder" : { + "properties" : { + "udp" : { + "type" : "long" + }, + "dce" : { + "properties" : { + "pkt_too_small" : { + "type" : "long" + } + } + }, + "ieee8021ah" : { + "type" : "long" + }, + "pkts" : { + "type" : "long" + }, + "vlan" : { + "type" : "long" + }, + "ipv4" : { + "type" : "long" + }, + "ipv6" : { + "type" : "long" + }, + "pppoe" : { + "type" : "long" + }, + "teredo" : { + "type" : "long" + }, + "mpls" : { + "type" : "long" + }, + "gre" : { + "type" : "long" + }, + "vlan_qinq" : { + "type" : "long" + }, + "max_pkt_size" : { + "type" : "long" + }, + "ipraw" : { + "properties" : { + "invalid_ip_version" : { + "type" : "long" + } + } + }, + "tcp" : { + "type" : "long" + }, + "erspan" : { + "type" : "long" + }, + "icmpv4" : { + "type" : "long" + }, + "raw" : { + "type" : "long" + }, + "ipv4_in_ipv6" : { + "type" : "long" + }, + "ltnull" : { + "properties" : { + "unsupported_type" : { + "type" : "long" + }, + "pkt_too_small" : { + "type" : "long" + } + } + }, + "icmpv6" : { + "type" : "long" + }, + "ethernet" : { + "type" : "long" + }, + "ppp" : { + "type" : "long" + }, + "sll" : { + "type" : "long" + }, + "null" : { + "type" : "long" + }, + "bytes" : { + "type" : "long" + }, + "avg_pkt_size" : { + "type" : "long" + }, + "invalid" : { + "type" : "long" + }, + "sctp" : { + "type" : "long" + }, + "ipv6_in_ipv6" : { + "type" : "long" + } + } + }, + "flow_mgr" : { + "properties" : { + "bypassed_pruned" : { + "type" : "long" + }, + "closed_pruned" : { + "type" : "long" + }, + "rows_empty" : { + "type" : "long" + }, + "flows_notimeout" : { + "type" : "long" + }, + "flows_timeout_inuse" : { + "type" : "long" + }, + "flows_checked" : { + "type" : "long" + }, + "rows_maxlen" : { + "type" : "long" + }, + "flows_removed" : { + "type" : "long" + }, + "rows_checked" : { + "type" : "long" + }, + "flows_timeout" : { + "type" : "long" + }, + "est_pruned" : { + "type" : "long" + }, + "rows_busy" : { + "type" : "long" + }, + "rows_skipped" : { + "type" : "long" + }, + "new_pruned" : { + "type" : "long" + } + } + }, + "file_store" : { + "properties" : { + "open_files" : { + "type" : "long" + } + } + }, + "flow" : { + "properties" : { + "memuse" : { + "type" : "long" + }, + "udp" : { + "type" : "long" + }, + "emerg_mode_entered" : { + "type" : "long" + }, + "tcp" : { + "type" : "long" + }, + "tcp_reuse" : { + "type" : "long" + }, + "icmpv4" : { + "type" : "long" + }, + "emerg_mode_over" : { + "type" : "long" + }, + "icmpv6" : { + "type" : "long" + }, + "memcap" : { + "type" : "long" + }, + "spare" : { + "type" : "long" + } + } + }, + "uptime" : { + "type" : "long" + } + } + }, + "flow_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fileinfo" : { + "properties" : { + "sha1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filename" : { + "path" : "file.path", + "type" : "alias" + }, + "size" : { + "path" : "file.size", + "type" : "alias" + }, + "sha256" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "stored" : { + "type" : "boolean" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tx_id" : { + "type" : "long" + }, + "gaps" : { + "type" : "boolean" + }, + "md5" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "icmp_code" : { + "type" : "long" + }, + "email" : { + "properties" : { + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "flow" : { + "properties" : { + "reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pkts_toserver" : { + "path" : "source.packets", + "type" : "alias" + }, + "alerted" : { + "type" : "boolean" + }, + "start" : { + "path" : "event.start", + "type" : "alias" + }, + "bytes_toclient" : { + "path" : "destination.bytes", + "type" : "alias" + }, + "end" : { + "type" : "date" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bytes_toserver" : { + "path" : "source.bytes", + "type" : "alias" + }, + "age" : { + "type" : "long" + }, + "pkts_toclient" : { + "path" : "destination.packets", + "type" : "alias" + } + } + }, + "dest_port" : { + "path" : "destination.port", + "type" : "alias" + }, + "timestamp" : { + "path" : "@timestamp", + "type" : "alias" + }, + "tcp" : { + "properties" : { + "rst" : { + "type" : "boolean" + }, + "tcp_flags_ts" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tcp_flags_tc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "psh" : { + "type" : "boolean" + }, + "tcp_flags" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ack" : { + "type" : "boolean" + }, + "syn" : { + "type" : "boolean" + }, + "fin" : { + "type" : "boolean" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "smtp" : { + "properties" : { + "helo" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rcpt_to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mail_from" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "pcap_cnt" : { + "type" : "long" + }, + "dns" : { + "properties" : { + "rrname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rdata" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rcode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "type" : "long" + }, + "tx_id" : { + "type" : "long" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ttl" : { + "type" : "long" + }, + "rrtype" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "app_proto_tc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tx_id" : { + "type" : "long" + }, + "app_proto" : { + "path" : "network.protocol", + "type" : "alias" + }, + "src_port" : { + "path" : "source.port", + "type" : "alias" + }, + "in_iface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app_proto_expected" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dest_ip" : { + "path" : "destination.ip", + "type" : "alias" + }, + "proto" : { + "path" : "network.transport", + "type" : "alias" + }, + "http" : { + "properties" : { + "redirect" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hostname" : { + "path" : "url.domain", + "type" : "alias" + }, + "http_method" : { + "path" : "http.request.method", + "type" : "alias" + }, + "http_content_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "http_refer" : { + "path" : "http.request.referrer", + "type" : "alias" + }, + "length" : { + "path" : "http.response.body.bytes", + "type" : "alias" + }, + "url" : { + "path" : "url.original", + "type" : "alias" + }, + "http_user_agent" : { + "path" : "user_agent.original", + "type" : "alias" + }, + "status" : { + "path" : "http.response.status_code", + "type" : "alias" + } + } + }, + "tls" : { + "properties" : { + "notbefore" : { + "type" : "date" + }, + "serial" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ja3s" : { + "properties" : { + "string" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "issuerdn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "notafter" : { + "type" : "date" + }, + "fingerprint" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "session_resumed" : { + "type" : "boolean" + }, + "ja3" : { + "properties" : { + "string" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sni" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "app_proto_ts" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "hash" : { + "properties" : { + "sha1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha256" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha512" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "md5" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "rsa" : { + "properties" : { + "internal" : { + "properties" : { + "msg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "process_vid_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "data" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "entropy_req" : { + "type" : "long" + }, + "device_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "entropy_res" : { + "type" : "long" + }, + "rid" : { + "type" : "long" + }, + "feed_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "inode" : { + "type" : "long" + }, + "msg_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lc_cid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "process_vid_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lc_ctime" : { + "type" : "date" + }, + "resource_class" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "level" : { + "type" : "long" + }, + "resource" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device_group" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "payload_req" : { + "type" : "long" + }, + "payload_res" : { + "type" : "long" + }, + "device_ip" : { + "type" : "ip" + }, + "entry" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "obj_server" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device_ipv6" : { + "type" : "ip" + }, + "size" : { + "type" : "long" + }, + "event_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nwe_callback_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "word" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hcode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ubc_req" : { + "type" : "long" + }, + "session_split" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ubc_res" : { + "type" : "long" + }, + "header_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "parse_error" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "obj_val" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "messageid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dead" : { + "type" : "long" + }, + "medium" : { + "type" : "long" + }, + "msg_vid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "forward_ip" : { + "type" : "ip" + }, + "statement" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourcefile" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "feed_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mcb_req" : { + "type" : "long" + }, + "obj_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mcb_res" : { + "type" : "long" + }, + "node_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "feed_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "audit_class" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "site" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device_host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mcbc_req" : { + "type" : "long" + }, + "device_type_id" : { + "type" : "long" + }, + "device_class" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mcbc_res" : { + "type" : "long" + }, + "time" : { + "type" : "date" + }, + "did" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "forward_ipv6" : { + "type" : "ip" + } + } + }, + "counters" : { + "properties" : { + "dclass_r2_str" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dclass_r2" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dclass_r1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dclass_r3" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dclass_c2_str" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_counter" : { + "type" : "long" + }, + "dclass_r1_str" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dclass_r3_str" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dclass_c1" : { + "type" : "long" + }, + "dclass_c3" : { + "type" : "long" + }, + "dclass_c2" : { + "type" : "long" + }, + "dclass_c3_str" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dclass_c1_str" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "investigations" : { + "properties" : { + "ec_subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ec_activity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_cat_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ec_theme" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_vcat" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "analysis_file" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "inv_context" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "inv_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "analysis_service" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_cat" : { + "type" : "long" + }, + "boc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "eoc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ioc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ec_outcome" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "analysis_session" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "storage" : { + "properties" : { + "lun" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "disk_volume" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pwwn" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "network" : { + "properties" : { + "dns_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "eth_host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vlan_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "zone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "remote_domain_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dns_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmp_code" : { + "type" : "long" + }, + "faddr" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "network_service" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dns_ptr_record" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "zone_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "network_port" : { + "type" : "long" + }, + "packet_length" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "eth_type" : { + "type" : "long" + }, + "host_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "port" : { + "type" : "long" + }, + "dns_resp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lhost" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "paddr" : { + "type" : "ip" + }, + "fport" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "linterface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ad_computer_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rpayload" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fhost" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmp_type" : { + "type" : "long" + }, + "ip_proto" : { + "type" : "long" + }, + "laddr" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "phost" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alias_host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_orig" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "zone_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "origin" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "interface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dns_a_record" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vlan" : { + "type" : "long" + }, + "dns_opcode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sinterface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "smask" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "addr" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mask" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dmask" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dns_cname_record" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domain1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dinterface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "netname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "protocol_detail" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "gateway" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "crypto" : { + "properties" : { + "ike_cookie1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ssl_ver_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cipher_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ike_cookie2" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ike" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "https_valid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scheme" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert_ca" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert_error" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert_subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "peer_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "peer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert_host_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert_host_cat" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cipher_size_dst" : { + "type" : "long" + }, + "cert_checksum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "d_certauth" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cipher_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sig_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ssl_ver_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert_keysize" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert_issuer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "crypto" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert_serial" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "https_insact" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "s_certauth" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert_common" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cipher_size_src" : { + "type" : "long" + }, + "cert_username" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "healthcare" : { + "properties" : { + "patient_fname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "patient_lname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "patient_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "patient_mname" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "endpoint" : { + "properties" : { + "registry_key" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "registry_value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_state" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "file" : { + "properties" : { + "task_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "attachment" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filename_tmp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filename_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filename_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "binary" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "file_vendor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "privilege" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "directory_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "file_entropy" : { + "type" : "double" + }, + "filesystem" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "directory_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "web" : { + "properties" : { + "web_ref_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_web_cookie" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alias_host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reputation_num" : { + "type" : "double" + }, + "p_web_referer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_user_agent" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fqdn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "web_cookie" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "web_ref_page" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "web_extension_tmp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "web_page" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "web_ref_query" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "web_ref_root" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_web_method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "urlpage" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "remote_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "urlroot" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_asn_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_rpackets" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "identity" : { + "properties" : { + "service_account" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "firstname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "federated_idp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_sid_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ldap_response" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_dept" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dn_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_role" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "password" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_role" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ldap" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_sid_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "accesses" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "federated_sp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "owner" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "org" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "profile" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "middlename" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "logon_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lastname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dn_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "auth_method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "logon_type_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "realm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ldap_query" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "wireless" : { + "properties" : { + "access_point" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "wlan_channel" : { + "type" : "long" + }, + "wlan_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "wlan_ssid" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "threat" : { + "properties" : { + "threat_source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alert" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "threat_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "threat_category" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "time" : { + "properties" : { + "date" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "effective_time" : { + "type" : "date" + }, + "year" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "timezone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "stamp" : { + "type" : "date" + }, + "eventtime" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "starttime" : { + "type" : "date" + }, + "process_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "gmtdate" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "datetime" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "min" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hour" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_date" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_time2" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "day" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "timestamp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_time1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "gmttime" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_time_str" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_queue_time" : { + "type" : "date" + }, + "endtime" : { + "type" : "date" + }, + "expire_time" : { + "type" : "date" + }, + "duration_str" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "recorded_time" : { + "type" : "date" + }, + "p_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "month" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "duration_time" : { + "type" : "double" + }, + "tzone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_month" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_time" : { + "type" : "date" + }, + "p_year" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "expire_time_str" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "physical" : { + "properties" : { + "org_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "org_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "db" : { + "properties" : { + "transact_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "database" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "instance" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "db_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lread" : { + "type" : "long" + }, + "permissions" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "index" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pread" : { + "type" : "long" + }, + "db_pid" : { + "type" : "long" + }, + "table_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lwrite" : { + "type" : "long" + } + } + }, + "email" : { + "properties" : { + "email_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trans_from" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trans_to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "misc" : { + "properties" : { + "cs_if_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_minpcktlen" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_av_secondary" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cefversion" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_bgpv4nxthop" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "doc_number" : { + "type" : "long" + }, + "acl_table" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fresult" : { + "type" : "long" + }, + "cn_maxpcktlen" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "userid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_max_ttl" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "comp_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_computer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mul_dst_pks" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cfg_attr" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_v6flowlabel" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_engine_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cache" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cfg_path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "snmp_oid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "context_subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_ctr_dst_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "risk_num_static" : { + "type" : "double" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_modulescore" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srcburb" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "node" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "im_croomtype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_totbytsexp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "im_client" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "audit_object" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "comp_sbytes" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sburb" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_ipv4dstpre" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_log_medium" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "risk_warning" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_v6nxthop" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_ipv4srcpre" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rec_asp_num" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "comp_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_if_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_ip_proto_ver" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cpu_data" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "object" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_div" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_totflowexp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_sampler_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_src_vlan" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "latitude" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "devvendor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "result" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sec" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cache_hit" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cve" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "risk_suspicious" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "found" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nwwn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "job_num" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_template_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "audit" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_v6optheaders" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cc_number" : { + "type" : "long" + }, + "policy" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_targetmodule" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vuln_ref" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sigUUID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_engine_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "change_new" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_flowsampmode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_group_object" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sessiontype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "msgid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "policy_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_event_uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srcdom" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pool_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "url_fld" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_payload" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_bit9status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cfg_obj" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_whois_server" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_opswatresult" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_analyzedby" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sig_id1" : { + "type" : "long" + }, + "id3" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_msgid1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "operation" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_msgid2" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "workspace" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reference_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lifetime" : { + "type" : "long" + }, + "criticality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "language" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_context" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "list_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "im_croomid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tgtdom" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "location_floor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "virusname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alert_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "obj_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client_ip" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group_object" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "acl_op" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "im_members" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "edomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vsys" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "password_expire" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_av_primary" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "count" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_flowsampintv" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "svcno" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ruid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "finterface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "recordnum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_lifetime" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "spi_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_filetype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule_group" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_data" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_sampalgo" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alarmname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "msg_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alarm_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subcategory" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "search_text" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "expected_val" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_msgid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_av_other" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule_template" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "distance" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "session" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "seqnum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sig_id_str" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "changes" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "admin" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "number1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "number2" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lport" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "udb_class" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "spi_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "content" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_eth_src_ven" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_dst_tld" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "content_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "param" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "observed_val" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_dst_vlan" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "permgranted" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_totpcktsexp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "misc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_session_id1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ipkt" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_represult" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_control" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trigger_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "real_data" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ntype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pool_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "listnum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bypass" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reference_id2" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reference_id1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "parent_node" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "data_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_sysuptime" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "risk" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_user" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "im_buddyname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hardware_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sig_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "gaddr" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_acttimeout" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "agent_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "owner_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_f_switch" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_inpermbyts" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_ip_next_hop" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "im_buddyid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "program" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule_uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_invalid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_result1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_inpermpckts" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "risk_num_next" : { + "type" : "double" + }, + "cn_dst_tos" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "risk_num" : { + "type" : "double" + }, + "tcp_flags" : { + "type" : "long" + }, + "policyUUID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_eth_dst_ven" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "edomaub" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "context" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_spackets" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_seqctr" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_inacttimeout" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_loginname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mail_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "comp_class" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "streams" : { + "type" : "long" + }, + "utcstamp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "index" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "priority" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "im_userid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mul_dst_byt" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "benchmark" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "password_chg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "im_username" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "prog_asp_num" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mpls_lbl_10" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "content_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "system" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "phone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mplstoplabel" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "netsessid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "result_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cmd" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_registrant" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "opkt" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_flowsampid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vm_target" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "v_instafname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "flags" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "param_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sensorname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ein_number" : { + "type" : "long" + }, + "cs_datecret" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "logip" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sigcat" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "library" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "acl_pos" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tos" : { + "type" : "long" + }, + "risk_info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "operation_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_src_tos" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_bgpv6nxthop" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pgid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_min_ttl" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "orig_from" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "param_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "serial_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "username_fld" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filter" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "disposition" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "autorun_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trigger_val" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_l_switch" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "connection_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ipspri" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "forensic_info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "risk_num_sand" : { + "type" : "double" + }, + "logid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sig_id" : { + "type" : "long" + }, + "facility" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_fld" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "space1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_log_rid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "auditdata" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "checksum_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_registrar" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_agency_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "num" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tgtdomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_yararesult" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sdomain_fld" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "threshold" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "facilityname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "space" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_sampint" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "second" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mpls_lbl_6" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mpls_lbl_7" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tbdstr1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mpls_lbl_8" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mpls_lbl_9" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tbdstr2" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mpls_lbl_2" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message_body" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mpls_lbl_3" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mpls_lbl_4" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "permwanted" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mpls_lbl_5" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "linenum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mpls_lbl_1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srcservice" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "jobname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "longitude" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_unixnanosecs" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "checksum_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "logname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ipscat" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cpu" : { + "type" : "long" + }, + "cs_streams" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "spi" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "context_target" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "load_data" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rec_asp_device" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rec_library" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstburb" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_mplstoplabip" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "misc_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "policy_value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sensor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vpnid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "virt_data" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mbug_data" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "change_attrib" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "policy_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "obj_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_muligmptype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "link" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "clustermembers" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "error" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sql" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "process_id_val" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "payload_dst" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "checksum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "p_filter" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "acl_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_modulesign" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_asn_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "comments" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "euid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "OS" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_sourcemodule" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "match" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "change_old" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "terminal" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "command" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fcatnum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "comp_rbytes" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "port_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_log_did" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "location_mark" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "payload_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "inout" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "policy_waiver" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "risk_num_comm" : { + "type" : "double" + }, + "snmp_value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "msgIdPart3" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "msgIdPart4" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_session_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cn_ipv4_ident" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_log" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "msgIdPart1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cs_rpayload" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "msgIdPart2" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "nats" : { + "properties" : { + "log" : { + "properties" : { + "msg" : { + "properties" : { + "reply_to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "max_messages" : { + "type" : "long" + }, + "bytes" : { + "type" : "long" + }, + "subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "error" : { + "properties" : { + "message" : { + "norms" : false, + "type" : "text" + } + } + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "queue_group" : { + "norms" : false, + "type" : "text" + }, + "sid" : { + "type" : "long" + } + } + }, + "client" : { + "properties" : { + "id" : { + "type" : "long" + } + } + } + } + } + } + }, + "server" : { + "properties" : { + "nat" : { + "properties" : { + "port" : { + "type" : "long" + }, + "ip" : { + "type" : "ip" + } + } + }, + "address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "top_level_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ip" : { + "type" : "ip" + }, + "packets" : { + "type" : "long" + }, + "mac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "geo" : { + "properties" : { + "region_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "continent_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "city_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "location" : { + "type" : "geo_point" + }, + "region_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "registered_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + } + } + } + } + }, + "port" : { + "type" : "long" + }, + "bytes" : { + "type" : "long" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user" : { + "properties" : { + "full_name" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + }, + "roles" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "properties" : { + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + } + } + }, + "apache2" : { + "properties" : { + "access" : { + "properties" : { + "geoip" : { + "properties" : { } + }, + "user_agent" : { + "properties" : { } + } + } + }, + "error" : { + "properties" : { } + } + } + }, + "cef" : { + "properties" : { + "severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extensions" : { + "properties" : { + "flexDate1" : { + "type" : "date" + }, + "agentTranslatedZoneExternalID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomString3Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "categoryObject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldFileSize" : { + "type" : "long" + }, + "agentZoneURI" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceNtDomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "categoryOutcome" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "loguid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nat_rulenum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourceMacAddress" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldFilePermission" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceProcessId" : { + "type" : "long" + }, + "sequencenum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationGeoLongitude" : { + "type" : "double" + }, + "agentTranslatedZoneURI" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cp_app_risk" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filename" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "requestContext" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceFacility" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationProcessName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourceUserId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomNumber1" : { + "type" : "long" + }, + "deviceDirection" : { + "type" : "long" + }, + "deviceCustomNumber3" : { + "type" : "long" + }, + "deviceCustomNumber2" : { + "type" : "long" + }, + "deviceFlexNumber1" : { + "type" : "long" + }, + "deviceFlexNumber2" : { + "type" : "long" + }, + "deviceOutboundInterface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomNumber2Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceAddress" : { + "type" : "ip" + }, + "deviceCustomString5Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "requestUrl" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceProcessName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationTranslatedZoneExternalID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "categoryDeviceType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceZoneURI" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bytesOut" : { + "type" : "long" + }, + "destinationDnsDomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourceAddress" : { + "type" : "ip" + }, + "rule_action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationServiceName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "match_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldFileCreateTime" : { + "type" : "date" + }, + "deviceCustomIPv6Address3Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fileModificationTime" : { + "type" : "date" + }, + "deviceCustomFloatingPoint3Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationTranslatedAddress" : { + "type" : "ip" + }, + "agentMacAddress" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "categoryDeviceGroup" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "endTime" : { + "type" : "date" + }, + "sourceTranslatedZoneExternalID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "agentNtDomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationMacAddress" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nat_addtnl_rulenum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourcePort" : { + "type" : "long" + }, + "sourceZoneURI" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceFlexNumber1Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fileHash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceReceiptTime" : { + "type" : "date" + }, + "destinationTranslatedZoneURI" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomDate2Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationTranslatedPort" : { + "type" : "long" + }, + "deviceTranslatedAddress" : { + "type" : "ip" + }, + "deviceInboundInterface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationUserPrivileges" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cp_severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomDate1Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "eventId" : { + "type" : "long" + }, + "agentAddress" : { + "type" : "ip" + }, + "sourceDnsDomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomDate2" : { + "type" : "date" + }, + "deviceCustomDate1" : { + "type" : "date" + }, + "originsicname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "agentHostName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldFileId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceZoneExternalID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "requestMethod" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "origin" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "categoryTechnique" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "agentTimeZone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "layer_uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "customerURI" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceExternalId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationUserName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationGeoLatitude" : { + "type" : "double" + }, + "agentDnsDomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomNumber3Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourceUserName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "externalId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomString1Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "agentVersion" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldFileType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fileType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceDnsDomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomIPv6Address4Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule_uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "type" : "long" + }, + "deviceCustomFloatingPoint4Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourceServiceName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomIPv6Address1" : { + "type" : "ip" + }, + "deviceCustomIPv6Address4" : { + "type" : "ip" + }, + "deviceCustomIPv6Address3" : { + "type" : "ip" + }, + "requestCookies" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "applicationProtocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomString2Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomIPv6Address2" : { + "type" : "ip" + }, + "destinationNtDomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomFloatingPoint2Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceAction" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "categoryBehavior" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "inzone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomIPv6Address2Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldFileModificationTime" : { + "type" : "date" + }, + "deviceCustomFloatingPoint1" : { + "type" : "double" + }, + "oldFileHash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomFloatingPoint2" : { + "type" : "double" + }, + "deviceCustomFloatingPoint3" : { + "type" : "double" + }, + "sourceTranslatedAddress" : { + "type" : "ip" + }, + "deviceCustomFloatingPoint4" : { + "type" : "double" + }, + "fileCreateTime" : { + "type" : "date" + }, + "destinationPort" : { + "type" : "long" + }, + "sourceNtDomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourceHostName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "agentType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceTranslatedZoneExternalID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationProcessId" : { + "type" : "long" + }, + "deviceCustomString6Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filePermission" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourceZoneExternalID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceTranslatedZoneURI" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "transportProtocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "startTime" : { + "type" : "date" + }, + "deviceCustomNumber1Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourceProcessId" : { + "type" : "long" + }, + "flexString2Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "product" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourceTranslatedPort" : { + "type" : "long" + }, + "deviceCustomString1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomString3" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomString2" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomString5" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationHostName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "devicePayloadId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomString4" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "agentZoneExternalID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomString6" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceEventCategory" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceFlexNumber2Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "eventOutcome" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "logid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "flexDate1Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationZoneURI" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationAddress" : { + "type" : "ip" + }, + "sourceUserPrivileges" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldFileName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourceTranslatedZoneURI" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "agentReceiptTime" : { + "type" : "date" + }, + "layer_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceHostName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "categorySignificance" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sourceProcessName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "flexString1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "requestClientApplication" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fileSize" : { + "type" : "long" + }, + "sourceGeoLatitude" : { + "type" : "double" + }, + "agentTranslatedAddress" : { + "type" : "ip" + }, + "flexString2" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fileId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceMacAddress" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "agentId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "baseEventCount" : { + "type" : "long" + }, + "deviceCustomIPv6Address1Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rawEvent" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "customerExternalID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "managerReceiptTime" : { + "type" : "date" + }, + "Reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomFloatingPoint1Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ifname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "service_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "flexString1Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationUserId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bytesIn" : { + "type" : "long" + }, + "sourceGeoLongitude" : { + "type" : "double" + }, + "filePath" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldFilePath" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "outzone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "parent_rule" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceCustomString4Label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destinationZoneExternalID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceTimeZone" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device" : { + "properties" : { + "product" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_class_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vendor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "log" : { + "properties" : { + "file" : { + "properties" : { + "path" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "original" : { + "ignore_above" : 1024, + "index" : false, + "type" : "keyword" + }, + "offset" : { + "type" : "long" + }, + "level" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "origin" : { + "properties" : { + "file" : { + "properties" : { + "line" : { + "type" : "long" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "function" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "logger" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "flags" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "syslog" : { + "type" : "object", + "properties" : { + "severity" : { + "properties" : { + "code" : { + "type" : "long" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "priority" : { + "type" : "long" + }, + "facility" : { + "properties" : { + "code" : { + "type" : "long" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "source" : { + "properties" : { + "address" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "syslog" : { + "properties" : { + "priority" : { + "type" : "long" + }, + "facility" : { + "type" : "long" + }, + "severity_label" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "facility_label" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "panw" : { + "properties" : { + "panos" : { + "properties" : { + "ruleset" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destination" : { + "properties" : { + "nat" : { + "properties" : { + "port" : { + "type" : "long" + }, + "ip" : { + "type" : "ip" + } + } + }, + "zone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "interface" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "endreason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source" : { + "properties" : { + "nat" : { + "properties" : { + "port" : { + "type" : "long" + }, + "ip" : { + "type" : "ip" + } + } + }, + "zone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "interface" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "url" : { + "properties" : { + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "network" : { + "properties" : { + "nat" : { + "properties" : { + "community_id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "pcap_id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "sequence_number" : { + "type" : "long" + }, + "file" : { + "properties" : { + "hash" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "sub_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "flow_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "threat" : { + "properties" : { + "resource" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + } + } + }, + "geo" : { + "properties" : { + "region_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "continent_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "city_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "location" : { + "type" : "geo_point" + }, + "region_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "o365" : { + "properties" : { + "audit" : { + "properties" : { + "GroupName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "TargetUserOrGroupName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ItemType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "UserKey" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ImplicitShare" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "AlertEntityId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "EventData" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "IntraSystemId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Item" : { + "properties" : { + "*" : { + "type" : "object", + "properties" : { + "*" : { + "type" : "object" + } + } + } + } + }, + "OriginatingServer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "WebId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ClientAppId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "MailboxOwnerUPN" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "SharePointMetaData" : { + "properties" : { + "*" : { + "type" : "object" + } + } + }, + "CorrelationId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "SessionId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "UniqueSharingId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "MailboxOwnerMasterAccountSid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Parameters" : { + "properties" : { + "*" : { + "type" : "object" + } + } + }, + "SourceFileName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ExternalAccess" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "SourceFileExtension" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ClientIP" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "EntityType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "InternalLogonType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "EventSource" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "AppId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "TargetUserOrGroupType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "CreationTime" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "InterSystemsId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ApplicationId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "UserType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Members" : { + "properties" : { + "*" : { + "type" : "object" + } + } + }, + "OrganizationName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Site" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "AzureActiveDirectoryEventType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "TeamGuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ActorIpAddress" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ActorUserId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ActorYammerUserId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "MailboxGuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "TeamName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "OrganizationId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Operation" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ClientIPAddress" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ExtendedProperties" : { + "properties" : { + "*" : { + "type" : "object" + } + } + }, + "Source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "AlertType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "LogonUserSid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ListId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "RecordType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ModifiedProperties" : { + "properties" : { + "*" : { + "properties" : { + "*" : { + "type" : "object" + } + } + } + } + }, + "SupportTicketId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ClientInfoString" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "LogonError" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "UserAgent" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ItemName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "DataType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "CustomUniqueId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ListItemUniqueId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ActorContextId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "MailboxOwnerSid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ObjectId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ApplicationDisplayName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ResultStatus" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Comments" : { + "norms" : false, + "type" : "text" + }, + "YammerNetworkId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "LogonType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Data" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "SiteUrl" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "IncidentId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "SensitiveInfoDetectionIsIncluded" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Workload" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "SourceRelativeUrl" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "AlertId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "UserId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ExchangeMetaData" : { + "properties" : { + "*" : { + "type" : "object" + } + } + }, + "TargetContextId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "PolicyId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ExceptionInfo" : { + "properties" : { + "*" : { + "type" : "object" + } + } + } + } + } + } + }, + "iis" : { + "properties" : { + "access" : { + "properties" : { + "site_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "server_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "geoip" : { + "properties" : { } + }, + "sub_status" : { + "type" : "long" + }, + "cookie" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "win32_status" : { + "type" : "long" + }, + "user_agent" : { + "properties" : { } + } + } + }, + "error" : { + "properties" : { + "queue_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "geoip" : { + "properties" : { } + }, + "reason_phrase" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "file" : { + "properties" : { + "extension" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "gid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "drive_letter" : { + "ignore_above" : 1, + "type" : "keyword" + }, + "mtime" : { + "type" : "date" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "accessed" : { + "type" : "date" + }, + "directory" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "inode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "path" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + }, + "code_signature" : { + "properties" : { + "valid" : { + "type" : "boolean" + }, + "trusted" : { + "type" : "boolean" + }, + "subject_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "exists" : { + "type" : "boolean" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "ctime" : { + "type" : "date" + }, + "group" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "owner" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "created" : { + "type" : "date" + }, + "target_path" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "x509" : { + "properties" : { + "not_after" : { + "type" : "date" + }, + "public_key_exponent" : { + "index" : false, + "type" : "long" + }, + "not_before" : { + "type" : "date" + }, + "subject" : { + "properties" : { + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state_or_province" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "distinguished_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "public_key_algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "public_key_curve" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "signature_algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "public_key_size" : { + "type" : "long" + }, + "serial_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alternative_names" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "issuer" : { + "properties" : { + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state_or_province" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "distinguished_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "size" : { + "type" : "long" + }, + "pe" : { + "properties" : { + "file_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "product" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "imphash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "company" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "original_file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "architecture" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "mime_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "attributes" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "properties" : { + "sha1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha256" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha512" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "md5" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "vlan" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "stream" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event" : { + "properties" : { + "reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "timezone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reference" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "duration" : { + "type" : "long" + }, + "ingested" : { + "type" : "date" + }, + "provider" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "end" : { + "type" : "date" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "outcome" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "severity" : { + "type" : "long" + }, + "original" : { + "ignore_above" : 1024, + "index" : false, + "type" : "keyword" + }, + "risk_score" : { + "type" : "float" + }, + "kind" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "created" : { + "type" : "date" + }, + "module" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "start" : { + "type" : "date" + }, + "url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sequence" : { + "type" : "long" + }, + "risk_score_norm" : { + "type" : "float" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dataset" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "cisco" : { + "properties" : { + "umbrella" : { + "properties" : { + "puas" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "blocked_categories" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha_sha256" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "datacenter" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "origin_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "amp_disposition" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "av_detections" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "amp_score" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "identities" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "content_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "identity_types" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "policy_identity_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "categories" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "amp_malware_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "ftd" : { + "properties" : { + "threat_level" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mapped_source_port" : { + "type" : "long" + }, + "icmp_type" : { + "type" : "short" + }, + "mapped_destination_ip" : { + "type" : "ip" + }, + "connection_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mapped_destination_port" : { + "type" : "long" + }, + "dap_records" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_username" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "suffix" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "threat_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mapped_destination_host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destination_interface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "security" : { + "type" : "object" + }, + "mapped_source_host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mapped_source_ip" : { + "type" : "ip" + }, + "connection_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_interface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmp_code" : { + "type" : "short" + }, + "destination_username" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "ios" : { + "properties" : { + "access_list" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "facility" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "asa" : { + "properties" : { + "mapped_source_port" : { + "type" : "long" + }, + "icmp_type" : { + "type" : "short" + }, + "threat_level" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mapped_destination_ip" : { + "type" : "ip" + }, + "connection_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mapped_destination_port" : { + "type" : "long" + }, + "dap_records" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_username" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "command_line_arguments" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "assigned_ip" : { + "type" : "ip" + }, + "privilege" : { + "properties" : { + "new" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "old" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "suffix" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "threat_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mapped_destination_host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destination_interface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mapped_source_ip" : { + "type" : "ip" + }, + "mapped_source_host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "connection_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_interface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmp_code" : { + "type" : "short" + }, + "burst" : { + "properties" : { + "configured_avg_rate" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cumulative_count" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "configured_rate" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "avg_rate" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "current_rate" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "object" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "destination_username" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "mssql" : { + "properties" : { + "log" : { + "properties" : { + "origin" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "activemq" : { + "properties" : { + "caller" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log" : { + "properties" : { + "stack_trace" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "audit" : { + "properties" : { } + }, + "thread" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "fileset" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "rabbitmq" : { + "properties" : { + "log" : { + "properties" : { + "pid" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "url" : { + "properties" : { + "extension" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "original" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "scheme" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "top_level_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "query" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "password" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fragment" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "registered_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "port" : { + "type" : "long" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "full" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + }, + "username" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "forcepoint" : { + "properties" : { + "virus_id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "igmp" : { + "properties" : { + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "@timestamp" : { + "type" : "date" + }, + "fortinet" : { + "properties" : { + "file" : { + "properties" : { + "hash" : { + "properties" : { + "crc32" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "firewall" : { + "properties" : { + "srcuuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "iaid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "infectedfilelevel" : { + "type" : "long" + }, + "remote" : { + "type" : "ip" + }, + "aptype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "translationid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scanned" : { + "type" : "long" + }, + "domainfilterlist" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "portend" : { + "type" : "long" + }, + "vip" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "opercountry" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "probeproto" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "profile" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "community" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ap" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scantime" : { + "type" : "long" + }, + "devtype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmptype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "setuprate" : { + "type" : "long" + }, + "size" : { + "type" : "long" + }, + "cert-type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "referralurl" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "urlfilterlist" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "assigned" : { + "type" : "ip" + }, + "phase2_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fortiguardresp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "role" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vapmode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "informationsource" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldchannel" : { + "type" : "long" + }, + "virus" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "result" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldchassisid" : { + "type" : "long" + }, + "disklograte" : { + "type" : "long" + }, + "seq" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vulncat" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vendorurl" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rssi" : { + "type" : "long" + }, + "radioidclosest" : { + "type" : "long" + }, + "connection_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vwlservice" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "policytype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "column" : { + "type" : "long" + }, + "session_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "countdns" : { + "type" : "long" + }, + "xauthuser" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "shaperperipname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "stage" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "quotamax" : { + "type" : "long" + }, + "exch" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "banword" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lease" : { + "type" : "long" + }, + "dstosversion" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "src_int" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "shaperdroprcvdbyte" : { + "type" : "long" + }, + "banned_src" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "datarange" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cloudaction" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldsn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ds" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "red" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "acktime" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "radioiddetected" : { + "type" : "long" + }, + "countav" : { + "type" : "long" + }, + "act" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "signal" : { + "type" : "long" + }, + "wanoptapptype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cfgattr" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "count" : { + "type" : "long" + }, + "countdlp" : { + "type" : "long" + }, + "to_vcluster" : { + "type" : "long" + }, + "outintf" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "suspicious" : { + "type" : "long" + }, + "cfgobj" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "port" : { + "type" : "long" + }, + "exchange" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstcountry" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srcssid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "snmeshparent" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "addrgrp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "urltype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filefilter" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "apscan" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "apprisk" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "analyticssubmit" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "interface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "devcategory" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "incidentserialno" : { + "type" : "long" + }, + "rate" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alert" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scope" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ssllocal" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "live" : { + "type" : "long" + }, + "configcountry" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "conserve" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "authid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "switchproto" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vpn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "attackcontextid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srcswversion" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "age" : { + "type" : "long" + }, + "vcluster" : { + "type" : "long" + }, + "domainctrlip" : { + "type" : "ip" + }, + "addr_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mgmtcnt" : { + "type" : "long" + }, + "channel" : { + "type" : "long" + }, + "dintf" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ha_group" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "banned_rule" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "license_limit" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rawdata" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "quotaexceeded" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstdevtype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nat" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "init" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vwpvlanid" : { + "type" : "long" + }, + "ip" : { + "type" : "ip" + }, + "dsthwvendor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "invalidmac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "clouduser" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vdname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vrf" : { + "type" : "long" + }, + "ruledata" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "field" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "appact" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cdrcontent" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "certhash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sync_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "analyticscksum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sndetected" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "poolname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "server" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "authproto" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reporttype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "duid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "netid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "quotaused" : { + "type" : "long" + }, + "epoch" : { + "type" : "long" + }, + "onwire" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "login" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "local" : { + "type" : "ip" + }, + "tamac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstosname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sysuptime" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "peer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "noise" : { + "type" : "long" + }, + "infected" : { + "type" : "long" + }, + "domainctrlauthtype" : { + "type" : "long" + }, + "trigger" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "iptype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "shapingpolicyid" : { + "type" : "long" + }, + "acct_stat" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "countips" : { + "type" : "long" + }, + "wanout" : { + "type" : "long" + }, + "oldslot" : { + "type" : "long" + }, + "countemail" : { + "type" : "long" + }, + "eapoltype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "passedcount" : { + "type" : "long" + }, + "constraint" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filtername" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "attackid" : { + "type" : "long" + }, + "subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pid" : { + "type" : "long" + }, + "srccountry" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reqtype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "crscore" : { + "type" : "long" + }, + "newslot" : { + "type" : "long" + }, + "limit" : { + "type" : "long" + }, + "host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "processtime" : { + "type" : "long" + }, + "srcinetsvc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "osname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "remotewtptime" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstfamily" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "transid" : { + "type" : "long" + }, + "ruletype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cpu" : { + "type" : "long" + }, + "freediskstorage" : { + "type" : "long" + }, + "vpntype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "spi" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "xauthgroup" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lowcount" : { + "type" : "long" + }, + "unit" : { + "type" : "long" + }, + "disk" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "wanin" : { + "type" : "long" + }, + "used_for_type" : { + "type" : "long" + }, + "submodule" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sensor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app-type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "crlevel" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "slot" : { + "type" : "long" + }, + "domainfilteridx" : { + "type" : "long" + }, + "filtertype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "total" : { + "type" : "long" + }, + "mem" : { + "type" : "long" + }, + "dlpextra" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subtype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "countcifs" : { + "type" : "long" + }, + "crl" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domainctrlprotocoltype" : { + "type" : "long" + }, + "old_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "stamac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trace_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "shaperdropsentbyte" : { + "type" : "long" + }, + "dstdevcategory" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srcname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sentdelta" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstssid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cert" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sessionid" : { + "type" : "long" + }, + "fwserver_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "threattype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "expiry" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "module" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filtercat" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srcserver" : { + "type" : "long" + }, + "received" : { + "type" : "long" + }, + "fams_pause" : { + "type" : "long" + }, + "botnetip" : { + "type" : "ip" + }, + "fctuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "call_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "chassisid" : { + "type" : "long" + }, + "domainctrlusername" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cldobjid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vcluster_state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "passwd" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "countweb" : { + "type" : "long" + }, + "alarmid" : { + "type" : "long" + }, + "old_value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "highcount" : { + "type" : "long" + }, + "activity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "authserver" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "botnetdomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cookies" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ddnsserver" : { + "type" : "ip" + }, + "encryption" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "attack" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "encrypt" : { + "type" : "long" + }, + "sn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sscname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "stitch" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lanin" : { + "type" : "long" + }, + "auditscore" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bandwidth" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "intf" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "portbegin" : { + "type" : "long" + }, + "detectionmethod" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rawdataid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sslaction" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client_addr" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cfgpath" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstserver" : { + "type" : "long" + }, + "radioband" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "agent" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "newchassisid" : { + "type" : "long" + }, + "applist" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vwlid" : { + "type" : "long" + }, + "ui" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "esptransform" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "masterdstmac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "keyword" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filehashsrc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_proto" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "auditid" : { + "type" : "long" + }, + "vulnid" : { + "type" : "long" + }, + "domainctrldomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "audittime" : { + "type" : "long" + }, + "fqdn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cfgtxpower" : { + "type" : "long" + }, + "groupid" : { + "type" : "long" + }, + "frametype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vd" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "daemon" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "craction" : { + "type" : "long" + }, + "tunnelid" : { + "type" : "long" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstinetsvc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "snclosest" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tunnelip" : { + "type" : "ip" + }, + "osversion" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "countwaf" : { + "type" : "long" + }, + "desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lanout" : { + "type" : "long" + }, + "quotatype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srcintfrole" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "profiletype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fazlograte" : { + "type" : "long" + }, + "admin" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "malform_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmpid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dst_int" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subservice" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "meshmode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "channeltype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "criticalcount" : { + "type" : "long" + }, + "severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "shapersentname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "receivedsignature" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "green" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "apsn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "opertxpower" : { + "type" : "long" + }, + "in_spi" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "expectedsignature" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dhcp_msg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srchwversion" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "gateway" : { + "type" : "ip" + }, + "totalsession" : { + "type" : "long" + }, + "sslremote" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "initiator" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mpsk" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstswversion" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "new_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nf_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "virusid" : { + "type" : "long" + }, + "dsthwversion" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "profilegroup" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cfgtid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmpcode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "eapolcnt" : { + "type" : "long" + }, + "countff" : { + "type" : "long" + }, + "fctemssn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trandisp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vulnname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tunneltype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "new_value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "identifier" : { + "type" : "long" + }, + "sync_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vap" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "newchannel" : { + "type" : "long" + }, + "message_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "centralnatid" : { + "type" : "long" + }, + "out_spi" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filteridx" : { + "type" : "long" + }, + "nextstat" : { + "type" : "long" + }, + "phone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "apstatus" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sensitivity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ha-prio" : { + "type" : "long" + }, + "espauth" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "carrier_ep" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "profile_vd" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rsso_key" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bssid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "manuf" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domainctrlauthstate" : { + "type" : "long" + }, + "cveid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "stacount" : { + "type" : "long" + }, + "countssh" : { + "type" : "long" + }, + "authgrp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ssid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "countssl" : { + "type" : "long" + }, + "monitor-type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "from_vcluster" : { + "type" : "long" + }, + "countapp" : { + "type" : "long" + }, + "monitor-name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domainctrlname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fsaverdict" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "msgproto" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "contentdisarmed" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstintfrole" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "urlsource" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "appid" : { + "type" : "long" + }, + "rcvddelta" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstunauthusersource" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srchwvendor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "date" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ha_role" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "attackcontext" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "used" : { + "type" : "long" + }, + "chgheaders" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "request_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "devintfname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "xid" : { + "type" : "long" + }, + "forwardedfor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mastersrcmac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "shaperrcvdname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "qtypeval" : { + "type" : "long" + }, + "from" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldwprof" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "assignip" : { + "type" : "ip" + }, + "weakwepiv" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "docsource" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "unauthusersource" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "kind" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vwlquality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vcluster_member" : { + "type" : "long" + }, + "mtu" : { + "type" : "long" + }, + "handshake" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "line" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstuuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "urlfilteridx" : { + "type" : "long" + }, + "peer_notif" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vpntunnel" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "serialno" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "security" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "attachment" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cat" : { + "type" : "long" + }, + "checksum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "addr" : { + "type" : "ip" + }, + "utmaction" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "process" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hbdn_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "radioid" : { + "type" : "long" + }, + "mediumcount" : { + "type" : "long" + }, + "srcfamily" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "command" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "contenttype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "malform_data" : { + "type" : "long" + }, + "trueclntip" : { + "type" : "ip" + }, + "quarskip" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "serial" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "shaperperipdropbyte" : { + "type" : "long" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "adgroup" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "organization" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "haproxy" : { + "properties" : { + "error_message" : { + "norms" : false, + "type" : "text" + }, + "tcp" : { + "properties" : { + "connection_waiting_time_ms" : { + "type" : "long" + } + } + }, + "server_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bind_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "geoip" : { + "properties" : { } + }, + "total_waiting_time_ms" : { + "type" : "long" + }, + "termination_state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "time_queue" : { + "type" : "long" + }, + "connection_wait_time_ms" : { + "type" : "long" + }, + "destination" : { + "properties" : { } + }, + "bytes_read" : { + "type" : "long" + }, + "source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "backend_queue" : { + "type" : "long" + }, + "backend_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "http" : { + "properties" : { + "request" : { + "properties" : { + "captured_cookie" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "raw_request_line" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "captured_headers" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "time_wait_ms" : { + "type" : "long" + }, + "time_wait_without_data_ms" : { + "type" : "long" + } + } + }, + "response" : { + "properties" : { + "captured_cookie" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "captured_headers" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "frontend_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client" : { + "properties" : { } + }, + "server_queue" : { + "type" : "long" + }, + "time_backend_connect" : { + "type" : "long" + }, + "connections" : { + "properties" : { + "server" : { + "type" : "long" + }, + "retries" : { + "type" : "long" + }, + "active" : { + "type" : "long" + }, + "backend" : { + "type" : "long" + }, + "frontend" : { + "type" : "long" + } + } + } + } + }, + "okta" : { + "properties" : { + "severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "request" : { + "properties" : { + "ip_chain" : { + "properties" : { + "geographical_context" : { + "properties" : { + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "city" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "postal_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "geolocation" : { + "type" : "geo_point" + } + } + }, + "ip" : { + "type" : "ip" + }, + "source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "authentication_context" : { + "properties" : { + "credential_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "authentication_provider" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "credential_provider" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "authentication_step" : { + "type" : "long" + }, + "interface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "external_session_id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "display_message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "actor" : { + "properties" : { + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "display_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alternate_id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "debug_context" : { + "properties" : { + "debug_data" : { + "properties" : { + "device_fingerprint" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "threat_suspected" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "request_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "request_uri" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "url" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "event_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client" : { + "properties" : { + "zone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ip" : { + "type" : "ip" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_agent" : { + "properties" : { + "raw_user_agent" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "os" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "browser" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "outcome" : { + "properties" : { + "result" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reason" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "security_context" : { + "properties" : { + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "isp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "is_proxy" : { + "type" : "boolean" + } + } + }, + "transaction" : { + "properties" : { + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "checkpoint" : { + "properties" : { + "sip_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sensor_mode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "src_user_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scan_hosts_hour" : { + "type" : "long" + }, + "installed_products" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "via" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_headers" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ftp_user" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_categories" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fw_message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nat_rulenum" : { + "type" : "long" + }, + "specific_data_type_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_from_user_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitre_initial_access" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app_id" : { + "type" : "long" + }, + "content_length" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_message_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_repository_skipped_files_number" : { + "type" : "long" + }, + "extension_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitre_lateral_movement" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rpc_prog" : { + "type" : "long" + }, + "community" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_repository_scanned_directories_number" : { + "type" : "long" + }, + "reject_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "int_end" : { + "type" : "long" + }, + "https_inspection_rule_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scan_results" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bcc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scheme" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "confidence_level" : { + "type" : "long" + }, + "indicator_uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "http_host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tcp_packet_out_of_state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule_action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_word_list" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "referrer_parent_uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "match_id" : { + "type" : "long" + }, + "dce-rpc_interface_uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "internal_error" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "session_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "policy_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "diameter_msg_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fw_subproduct" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "unique_detected_week" : { + "type" : "long" + }, + "mirror_and_decrypt_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "calc_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "information" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "operation_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nat_addtnl_rulenum" : { + "type" : "long" + }, + "proxy_user_dn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitre_exfiltration" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extracted_file_verdict" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "delivery_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "malware_family" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scan_hosts_day" : { + "type" : "long" + }, + "failure_impact" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_data_type_uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "anti_virus_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cluster_info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mime_from" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "https_inspection_action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "attack_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scrub_activity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dropped_file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "capture_uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "site_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "auth_method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_control_analysis" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scrubbed_content" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_repository_scanned_files_number" : { + "type" : "long" + }, + "email_subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_fingerprint_files_number" : { + "type" : "long" + }, + "voip_media_ipp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "peer_gateway" : { + "type" : "ip" + }, + "app_sig_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "match_fk" : { + "type" : "long" + }, + "layer_uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "spyware_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "duration" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_call_state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "next_scheduled_scan_date" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alert" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "connection_uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scope" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_media_codec" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "chunk_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "matched_file" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "arrival_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reply_status" : { + "type" : "long" + }, + "encryption_failure" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icap_server_service" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ticket_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_spool_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "additional_rdata" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "parent_process_username" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "referrer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_to_user_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "observable_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "esod_rule_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "broker_publisher" : { + "type" : "ip" + }, + "email_control" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mime_to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app_package" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scan_mail" : { + "type" : "long" + }, + "audit_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "authorization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_reg_user_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_queue_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "developer_certificate_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "limit_applied" : { + "type" : "long" + }, + "context_num" : { + "type" : "long" + }, + "media_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "esod_associated_policies" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "type" : "long" + }, + "process_username" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scrub_total_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cookie" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "impacted_files" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "indicator_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "certificate_resource" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icap_service_id" : { + "type" : "long" + }, + "icap_server_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dropped_file_hash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "additional_info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitre_execution" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "verdict" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_object" : { + "type" : "long" + }, + "next_hop_ip" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sctp_association_state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "short_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ike_ids" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sys_message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sub_policy_uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scrub_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ip_option" : { + "type" : "long" + }, + "first_hit_time" : { + "type" : "long" + }, + "c_bytes" : { + "type" : "long" + }, + "incident_extension" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extracted_file_hash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "unique_detected_day" : { + "type" : "long" + }, + "file_direction" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action_reason" : { + "type" : "long" + }, + "nat46" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "objecttype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "detected_on" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "proxy_src_ip" : { + "type" : "ip" + }, + "log_id" : { + "type" : "long" + }, + "dlp_repository_total_size" : { + "type" : "long" + }, + "similar_hashes" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_queue_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "end_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trusted_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dropped_file_verdict" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "failure_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "suppressed_logs" : { + "type" : "long" + }, + "voip_method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "certificate_validation" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "machine" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dropped_incoming" : { + "type" : "long" + }, + "logid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sig_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "connectivity_level" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "spyware_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "monitor_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_incident_uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "limit_requested" : { + "type" : "long" + }, + "app_repackaged" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_reg_period" : { + "type" : "long" + }, + "session_uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_fingerprint_short_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scan_result" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_repository_root_path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_call_dir" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "registered_ip-phones" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "question_rdata" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_content" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "virus_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "layer_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "last_rematch_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitre_command_and_control" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destination_object" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scv_user" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "word_list" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "parent_file_hash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "data_type_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "inspection_settings_log" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "http_location" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "emulated_on" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nat_exhausted_pool" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_fingerprint_long_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_repository_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "drops_amount" : { + "type" : "long" + }, + "esod_scan_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "elapsed" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "end_user_firewall_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "content_disposition" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitre_discovery" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_exp" : { + "type" : "long" + }, + "dst_country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app_sid_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cp_message" : { + "type" : "long" + }, + "indicator_reference" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "long_desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "inspection_profile" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "parent_rule" : { + "type" : "long" + }, + "esod_access_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "conns_amount" : { + "type" : "long" + }, + "observable_comment" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "diameter_app_ID" : { + "type" : "long" + }, + "dropped_total" : { + "type" : "long" + }, + "http_server" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tls_server_host_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "properties" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scan_direction" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_transint" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "special_properties" : { + "type" : "long" + }, + "referrer_self_uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_repository_directories_number" : { + "type" : "long" + }, + "allocated_ports" : { + "type" : "long" + }, + "icmp_code" : { + "type" : "long" + }, + "reject_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extracted_file_uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "diameter_cmd_code" : { + "type" : "long" + }, + "voip_reg_server" : { + "type" : "ip" + }, + "inspection_item" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitre_persistence" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scan_hosts_week" : { + "type" : "long" + }, + "protection_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "similar_communication" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "files_names" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "number_of_errors" : { + "type" : "long" + }, + "host_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_reg_ipp" : { + "type" : "long" + }, + "original_queue_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "links_num" : { + "type" : "long" + }, + "mitre_credential_access" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_repository_reached_directories_number" : { + "type" : "long" + }, + "voip_config" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "authority_rdata" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_reg_int" : { + "type" : "long" + }, + "source_os" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_duration" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "unique_detected_hour" : { + "type" : "long" + }, + "client_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dst_phone_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scrub_download_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "msgid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message_size" : { + "type" : "long" + }, + "similar_strings" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ppp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstkeyid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_related_incident_uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "drop_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "operation" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "indicator_description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "performance_impact" : { + "type" : "long" + }, + "attachments_num" : { + "type" : "long" + }, + "app_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rulebase_id" : { + "type" : "long" + }, + "client_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tcp_end_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_additional_action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "frequency" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "parent_file_uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "src_phone_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "needs_browse_time" : { + "type" : "long" + }, + "source_interface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_call_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cookieI" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fs-proto" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "query" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "securexl_message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vpn_feature_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "duplicate" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sync" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cookieR" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message_info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "similiar_iocs" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "matched_file_text_segments" : { + "type" : "long" + }, + "matched_file_percentage" : { + "type" : "long" + }, + "packet_capture_unique_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "policy_mgmt" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "desc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vendor_list" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tcp_state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_count" : { + "type" : "long" + }, + "description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule" : { + "type" : "long" + }, + "sctp_error" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "speed" : { + "type" : "long" + }, + "voip_reject_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_log_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "content_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "top_archive_file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_data_type_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_reason_info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "precise_error" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "summary" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "https_inspection_rule_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "total_attachments" : { + "type" : "long" + }, + "file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_template_score" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_recipients_num" : { + "type" : "long" + }, + "protection_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "risk" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_recipients" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client_type_os" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_call_term_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "analyzed_on" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "answer_rdata" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "inspection_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subs_exp" : { + "type" : "date" + }, + "extracted_file_names" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "objecttable" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tcp_flags" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "web_server_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "packet_amount" : { + "type" : "long" + }, + "cgnet" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "proxy_machine_name" : { + "type" : "long" + }, + "hide_ip" : { + "type" : "ip" + }, + "subscriber" : { + "type" : "ip" + }, + "watermark" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "spyware_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rematch_info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "termination_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "esod_rule_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_repository_scanned_total_size" : { + "type" : "long" + }, + "parent_file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_repository_scan_progress" : { + "type" : "long" + }, + "integrity_av_invoke_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitre_defense_evasion" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icap_more_info" : { + "type" : "long" + }, + "log_delay" : { + "type" : "long" + }, + "dlp_action_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmp_type" : { + "type" : "long" + }, + "methods" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dns_query" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "content_risk" : { + "type" : "long" + }, + "isp_link" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_est_codec" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "capacity" : { + "type" : "long" + }, + "blade_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "invalid_file_size" : { + "type" : "long" + }, + "peer_ip_probing_status_update" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dropped_file_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app_severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cvpn_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "origin_sic_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "esod_noncompliance_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_attach_sz" : { + "type" : "long" + }, + "dlp_relevant_data_types" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_attach_action_info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extracted_file_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_session_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "esod_rule_action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ike" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "protection_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "proxy_user_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "remediated_files" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "triggered_by" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "link_probing_status_update" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "src_user_dn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status_update" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dst_user_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hit" : { + "type" : "long" + }, + "identity_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_spam_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ports_usage" : { + "type" : "long" + }, + "mitre_impact" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "expire_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "browse_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "src_country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app_risk" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "te_verdict_determined_by" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "observable_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "voip_media_port" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "appi_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "last_hit_time" : { + "type" : "long" + }, + "interface_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitre_collection" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_repository_files_number" : { + "type" : "long" + }, + "additional_ip" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app_properties" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "scv_message_info" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_watermark_profile" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "https_validation" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "int_start" : { + "type" : "long" + }, + "user_agent" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "connectivity_state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srckeyid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "outgoing_url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cvpn_resource" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dropped_outgoing" : { + "type" : "long" + }, + "dlp_rule_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sub_policy_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "update_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "peer_ip" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_repository_not_scanned_directories_percentage" : { + "type" : "long" + }, + "scan_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitre_privilege_escalation" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_violation_description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dlp_repository_unreachable_directories_number" : { + "type" : "long" + } + } + }, + "kubernetes" : { + "properties" : { + "container" : { + "properties" : { + "image" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "node" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "pod" : { + "properties" : { + "uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "statefulset" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "namespace" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "annotations" : { + "properties" : { + "*" : { + "type" : "object" + } + } + }, + "replicaset" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "deployment" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "labels" : { + "properties" : { + "*" : { + "type" : "object" + } + } + } + } + }, + "agent" : { + "properties" : { + "hostname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "build" : { + "properties" : { + "original" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ephemeral_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "source" : { + "properties" : { + "nat" : { + "properties" : { + "port" : { + "type" : "long" + }, + "ip" : { + "type" : "ip" + } + } + }, + "address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "top_level_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ip" : { + "type" : "ip" + }, + "mac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "packets" : { + "type" : "long" + }, + "geo" : { + "properties" : { + "region_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "continent_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "city_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "region_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "location" : { + "type" : "geo_point" + } + } + }, + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + } + } + } + } + }, + "registered_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "port" : { + "type" : "long" + }, + "service" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "bytes" : { + "type" : "long" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user" : { + "properties" : { + "full_name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "roles" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "properties" : { + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + } + } + }, + "microsoft" : { + "properties" : { + "m365_defender" : { + "properties" : { + "alerts" : { + "properties" : { + "severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "investigationId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "creationTime" : { + "type" : "date" + }, + "devices" : { + "type" : "flattened" + }, + "resolvedTime" : { + "type" : "date" + }, + "threatFamilyName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "determination" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "actorName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "investigationState" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "classification" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitreTechniques" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "assignedTo" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "entities" : { + "properties" : { + "securityGroupName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "accountName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "entityType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "registryValueType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mailboxDisplayName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ipAddress" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deviceId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "clusterBy" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "registryHive" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "securityGroupId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "registryKey" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mailboxAddress" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "deliveryAction" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sender" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "recipient" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "userSid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lastUpdatedTime" : { + "type" : "date" + }, + "detectionSource" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "incidentId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "redirectIncidentId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "determination" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "incidentName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "investigationState" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "incidentId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "classification" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "assignedTo" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tags" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "defender_atp" : { + "properties" : { + "investigationId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "evidence" : { + "properties" : { + "aadUserId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "accountName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "entityType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domainName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ipAddress" : { + "type" : "ip" + }, + "userPrincipalName" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "resolvedTime" : { + "type" : "date" + }, + "threatFamilyName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "determination" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rbacGroupName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "investigationState" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "incidentId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "classification" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "assignedTo" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "lastUpdateTime" : { + "type" : "date" + } + } + } + } + }, + "cloud" : { + "properties" : { + "image" : { + "properties" : { + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "availability_zone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "instance" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "provider" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "machine" : { + "properties" : { + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "project" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "region" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "account" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "logstash" : { + "properties" : { + "log" : { + "properties" : { + "module" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pipeline_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_event" : { + "type" : "object" + }, + "thread" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + } + } + }, + "slowlog" : { + "properties" : { + "took_in_millis" : { + "type" : "long" + }, + "plugin_params" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "module" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "plugin_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "plugin_params_object" : { + "type" : "object" + }, + "thread" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + }, + "event" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + }, + "plugin_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "netflow" : { + "properties" : { + "information_element_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "next_header_ipv6" : { + "type" : "short" + }, + "class_id" : { + "type" : "long" + }, + "min_flow_start_milliseconds" : { + "type" : "date" + }, + "application_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nat_event" : { + "type" : "short" + }, + "icmp_code_ipv6" : { + "type" : "short" + }, + "icmp_code_ipv4" : { + "type" : "short" + }, + "sampling_flow_spacing" : { + "type" : "long" + }, + "tcp_ack_total_count" : { + "type" : "long" + }, + "post_ip_diff_serv_code_point" : { + "type" : "short" + }, + "not_sent_packet_total_count" : { + "type" : "long" + }, + "mpls_label_stack_section10" : { + "type" : "short" + }, + "dropped_packet_total_count" : { + "type" : "long" + }, + "flow_start_sys_up_time" : { + "type" : "long" + }, + "post_octet_delta_count" : { + "type" : "long" + }, + "mpls_label_stack_section5" : { + "type" : "short" + }, + "pseudo_wire_control_word" : { + "type" : "long" + }, + "mpls_label_stack_section4" : { + "type" : "short" + }, + "octet_delta_count" : { + "type" : "long" + }, + "mpls_label_stack_section3" : { + "type" : "short" + }, + "initiator_octets" : { + "type" : "long" + }, + "sampler_id" : { + "type" : "short" + }, + "mpls_label_stack_section2" : { + "type" : "short" + }, + "dropped_octet_total_count" : { + "type" : "long" + }, + "mpls_label_stack_section9" : { + "type" : "short" + }, + "mpls_label_stack_section8" : { + "type" : "short" + }, + "mpls_label_stack_section7" : { + "type" : "short" + }, + "metering_process_id" : { + "type" : "long" + }, + "mpls_label_stack_section6" : { + "type" : "short" + }, + "address_pool_low_threshold" : { + "type" : "long" + }, + "source_ipv6_prefix" : { + "type" : "ip" + }, + "sta_ipv4_address" : { + "type" : "ip" + }, + "connection_sum_duration_seconds" : { + "type" : "long" + }, + "mib_module_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "http_reason_phrase" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mobile_msisdn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "confidence_level" : { + "type" : "double" + }, + "mib_object_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash_ip_payload_offset" : { + "type" : "long" + }, + "ignored_packet_total_count" : { + "type" : "long" + }, + "min_flow_start_nanoseconds" : { + "type" : "date" + }, + "tcp_options" : { + "type" : "long" + }, + "virtual_station_interface_id" : { + "type" : "short" + }, + "http_user_agent" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "post_ip_precedence" : { + "type" : "short" + }, + "sampling_size" : { + "type" : "long" + }, + "ip_version" : { + "type" : "short" + }, + "flow_sampling_time_spacing" : { + "type" : "long" + }, + "tcp_window_scale" : { + "type" : "long" + }, + "data_records_reliability" : { + "type" : "boolean" + }, + "ip_total_length" : { + "type" : "long" + }, + "post_mcast_octet_delta_count" : { + "type" : "long" + }, + "src_traffic_index" : { + "type" : "long" + }, + "ingress_physical_interface" : { + "type" : "long" + }, + "layer2_octet_total_sum_of_squares" : { + "type" : "long" + }, + "address_port_mapping_per_user_high_threshold" : { + "type" : "long" + }, + "sampling_time_interval" : { + "type" : "long" + }, + "ip_next_hop_ipv6_address" : { + "type" : "ip" + }, + "http_request_host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sampling_interval" : { + "type" : "long" + }, + "session_scope" : { + "type" : "short" + }, + "vr_fname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mpls_label_stack_depth" : { + "type" : "long" + }, + "sampling_flow_interval" : { + "type" : "long" + }, + "initiator_packets" : { + "type" : "long" + }, + "post_nat_destination_ipv6_address" : { + "type" : "ip" + }, + "vpn_identifier" : { + "type" : "short" + }, + "destination_transport_port" : { + "type" : "long" + }, + "tcp_fin_total_count" : { + "type" : "long" + }, + "distinct_count_of_destination_ip_address" : { + "type" : "long" + }, + "source_transport_ports_limit" : { + "type" : "long" + }, + "destination_ipv4_prefix" : { + "type" : "ip" + }, + "original_flows_completed" : { + "type" : "long" + }, + "nat_pool_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "total_length_ipv4" : { + "type" : "long" + }, + "data_link_frame_type" : { + "type" : "long" + }, + "post_ip_class_of_service" : { + "type" : "short" + }, + "nat_instance_id" : { + "type" : "long" + }, + "sampling_time_space" : { + "type" : "long" + }, + "application_category_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ignored_layer2_frame_total_count" : { + "type" : "long" + }, + "port_range_step_size" : { + "type" : "long" + }, + "mib_capture_time_semantics" : { + "type" : "short" + }, + "sampling_packet_interval" : { + "type" : "long" + }, + "post_mcast_packet_delta_count" : { + "type" : "long" + }, + "selector_id" : { + "type" : "long" + }, + "ipv6_extension_headers" : { + "type" : "long" + }, + "dropped_layer2_octet_total_count" : { + "type" : "long" + }, + "not_sent_flow_total_count" : { + "type" : "long" + }, + "mib_object_value_ip_address" : { + "type" : "ip" + }, + "dot1q_customer_vlan_id" : { + "type" : "long" + }, + "tcp_urg_total_count" : { + "type" : "long" + }, + "mpls_top_label_type" : { + "type" : "short" + }, + "rtp_sequence_number" : { + "type" : "long" + }, + "section_exported_octets" : { + "type" : "long" + }, + "dst_traffic_index" : { + "type" : "long" + }, + "flow_duration_microseconds" : { + "type" : "long" + }, + "post_octet_total_count" : { + "type" : "long" + }, + "tcp_header_length" : { + "type" : "short" + }, + "protocol_identifier" : { + "type" : "short" + }, + "mib_object_value_unsigned" : { + "type" : "long" + }, + "metro_evc_type" : { + "type" : "short" + }, + "mpls_label_stack_section" : { + "type" : "short" + }, + "wlan_ssid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "udp_destination_port" : { + "type" : "long" + }, + "max_fragments_pending_reassembly" : { + "type" : "long" + }, + "collector_ipv4_address" : { + "type" : "ip" + }, + "internal_address_realm" : { + "type" : "short" + }, + "flow_start_delta_microseconds" : { + "type" : "long" + }, + "information_element_range_begin" : { + "type" : "long" + }, + "payload_length_ipv6" : { + "type" : "long" + }, + "information_element_units" : { + "type" : "long" + }, + "ingress_interface" : { + "type" : "long" + }, + "observation_domain_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mpls_top_label_ipv4_address" : { + "type" : "ip" + }, + "max_session_entries" : { + "type" : "long" + }, + "tcp_window_size" : { + "type" : "long" + }, + "biflow_direction" : { + "type" : "short" + }, + "post_nat_destination_ipv4_address" : { + "type" : "ip" + }, + "information_element_id" : { + "type" : "long" + }, + "bgp_source_as_number" : { + "type" : "long" + }, + "exporter_certificate" : { + "type" : "short" + }, + "sampler_mode" : { + "type" : "short" + }, + "sta_mac_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "flow_selected_octet_delta_count" : { + "type" : "long" + }, + "dropped_packet_delta_count" : { + "type" : "long" + }, + "nat_pool_id" : { + "type" : "long" + }, + "mpls_top_label_stack_section" : { + "type" : "short" + }, + "source_mac_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ethernet_type" : { + "type" : "long" + }, + "multicast_replication_factor" : { + "type" : "long" + }, + "lower_ci_limit" : { + "type" : "double" + }, + "anonymization_technique" : { + "type" : "long" + }, + "transport_packet_delta_count" : { + "type" : "long" + }, + "destination_ipv6_prefix_length" : { + "type" : "short" + }, + "application_id" : { + "type" : "short" + }, + "original_exporter_ipv6_address" : { + "type" : "ip" + }, + "destination_ipv4_address" : { + "type" : "ip" + }, + "observation_domain_id" : { + "type" : "long" + }, + "digest_hash_value" : { + "type" : "long" + }, + "mpls_label_stack_length" : { + "type" : "long" + }, + "port_id" : { + "type" : "long" + }, + "post_layer2_octet_delta_count" : { + "type" : "long" + }, + "exporter_ipv4_address" : { + "type" : "ip" + }, + "dot1q_vlan_id" : { + "type" : "long" + }, + "hash_flow_domain" : { + "type" : "long" + }, + "external_address_realm" : { + "type" : "short" + }, + "data_link_frame_section" : { + "type" : "short" + }, + "egress_vrfid" : { + "type" : "long" + }, + "ip_diff_serv_code_point" : { + "type" : "short" + }, + "exported_flow_record_total_count" : { + "type" : "long" + }, + "application_description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "original_flows_present" : { + "type" : "long" + }, + "opaque_octets" : { + "type" : "short" + }, + "selector_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "information_element_semantics" : { + "type" : "short" + }, + "export_interface" : { + "type" : "long" + }, + "post_source_mac_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tcp_rst_total_count" : { + "type" : "long" + }, + "distinct_count_of_destination_ipv6_address" : { + "type" : "long" + }, + "octet_total_sum_of_squares" : { + "type" : "long" + }, + "hash_ip_payload_size" : { + "type" : "long" + }, + "classification_engine_id" : { + "type" : "short" + }, + "selector_id_total_pkts_observed" : { + "type" : "long" + }, + "information_element_description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "selector_id_total_flows_observed" : { + "type" : "long" + }, + "intermediate_process_id" : { + "type" : "long" + }, + "flow_end_delta_microseconds" : { + "type" : "long" + }, + "post_mcast_octet_total_count" : { + "type" : "long" + }, + "flow_selector_algorithm" : { + "type" : "long" + }, + "delta_flow_count" : { + "type" : "long" + }, + "ingress_vrfid" : { + "type" : "long" + }, + "original_flows_initiated" : { + "type" : "long" + }, + "virtual_station_uuid" : { + "type" : "short" + }, + "gre_key" : { + "type" : "long" + }, + "fragment_offset" : { + "type" : "long" + }, + "tcp_source_port" : { + "type" : "long" + }, + "flow_end_seconds" : { + "type" : "date" + }, + "ipv4_ihl" : { + "type" : "short" + }, + "dot1q_priority" : { + "type" : "short" + }, + "max_entries_per_user" : { + "type" : "long" + }, + "source_ipv6_prefix_length" : { + "type" : "short" + }, + "post_destination_mac_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "value_distribution_method" : { + "type" : "short" + }, + "mib_object_value_oid" : { + "type" : "short" + }, + "observed_flow_total_count" : { + "type" : "long" + }, + "mib_object_identifier" : { + "type" : "short" + }, + "mib_object_value_gauge" : { + "type" : "long" + }, + "post_nat_source_ipv4_address" : { + "type" : "ip" + }, + "udp_source_port" : { + "type" : "long" + }, + "not_sent_layer2_octet_total_count" : { + "type" : "long" + }, + "hash_selected_range_max" : { + "type" : "long" + }, + "post_vlan_id" : { + "type" : "long" + }, + "packet_delta_count" : { + "type" : "long" + }, + "ipv4_router_sc" : { + "type" : "ip" + }, + "layer2_frame_total_count" : { + "type" : "long" + }, + "egress_interface_type" : { + "type" : "long" + }, + "bgp_next_hop_ipv4_address" : { + "type" : "ip" + }, + "sampler_random_interval" : { + "type" : "long" + }, + "dot1q_customer_dei" : { + "type" : "boolean" + }, + "layer2packet_section_offset" : { + "type" : "long" + }, + "post_packet_delta_count" : { + "type" : "long" + }, + "destination_ipv4_prefix_length" : { + "type" : "short" + }, + "sampling_probability" : { + "type" : "double" + }, + "source_ipv4_prefix_length" : { + "type" : "short" + }, + "upper_ci_limit" : { + "type" : "double" + }, + "dot1q_service_instance_id" : { + "type" : "long" + }, + "egress_interface" : { + "type" : "long" + }, + "observation_point_id" : { + "type" : "long" + }, + "tcp_urgent_pointer" : { + "type" : "long" + }, + "source_ipv6_address" : { + "type" : "ip" + }, + "bgp_prev_adjacent_as_number" : { + "type" : "long" + }, + "export_sctp_stream_id" : { + "type" : "long" + }, + "max_flow_end_microseconds" : { + "type" : "date" + }, + "selection_sequence_id" : { + "type" : "long" + }, + "tcp_acknowledgement_number" : { + "type" : "long" + }, + "encrypted_technology" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mpls_top_label_prefix_length" : { + "type" : "short" + }, + "selector_id_total_flows_selected" : { + "type" : "long" + }, + "sampler_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "max_flow_end_seconds" : { + "type" : "date" + }, + "octet_delta_sum_of_squares" : { + "type" : "long" + }, + "sampling_population" : { + "type" : "long" + }, + "observation_time_seconds" : { + "type" : "date" + }, + "tcp_sequence_number" : { + "type" : "long" + }, + "min_flow_start_seconds" : { + "type" : "date" + }, + "monitoring_interval_end_milli_seconds" : { + "type" : "date" + }, + "flow_start_milliseconds" : { + "type" : "date" + }, + "minimum_ttl" : { + "type" : "short" + }, + "pseudo_wire_destination_ipv4_address" : { + "type" : "ip" + }, + "source_ipv4_prefix" : { + "type" : "ip" + }, + "wlan_channel_id" : { + "type" : "short" + }, + "distinct_count_of_source_ipv6_address" : { + "type" : "long" + }, + "post_dot1q_customer_vlan_id" : { + "type" : "long" + }, + "global_address_mapping_high_threshold" : { + "type" : "long" + }, + "new_connection_delta_count" : { + "type" : "long" + }, + "flow_sampling_time_interval" : { + "type" : "long" + }, + "mib_object_value_time_ticks" : { + "type" : "long" + }, + "nat_threshold_event" : { + "type" : "long" + }, + "ingress_interface_type" : { + "type" : "long" + }, + "post_layer2_octet_total_count" : { + "type" : "long" + }, + "icmp_type_code_ipv4" : { + "type" : "long" + }, + "mib_object_value_integer" : { + "type" : "long" + }, + "icmp_type_code_ipv6" : { + "type" : "long" + }, + "bgp_destination_as_number" : { + "type" : "long" + }, + "http_request_target" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "information_element_index" : { + "type" : "long" + }, + "mib_context_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "forwarding_status" : { + "type" : "short" + }, + "bgp_next_hop_ipv6_address" : { + "type" : "ip" + }, + "mpls_top_label_ipv6_address" : { + "type" : "ip" + }, + "fragment_identification" : { + "type" : "long" + }, + "user_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "port_range_num_ports" : { + "type" : "long" + }, + "hash_selected_range_min" : { + "type" : "long" + }, + "exporter" : { + "properties" : { + "uptime_millis" : { + "type" : "long" + }, + "address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_id" : { + "type" : "long" + }, + "version" : { + "type" : "long" + }, + "timestamp" : { + "type" : "date" + } + } + }, + "hash_output_range_min" : { + "type" : "long" + }, + "http_content_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "selector_algorithm" : { + "type" : "long" + }, + "address_port_mapping_high_threshold" : { + "type" : "long" + }, + "flow_start_seconds" : { + "type" : "date" + }, + "mobile_imsi" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "nat_originating_address_realm" : { + "type" : "short" + }, + "tcp_destination_port" : { + "type" : "long" + }, + "application_sub_category_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "class_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "not_sent_octet_total_count" : { + "type" : "long" + }, + "responder_octets" : { + "type" : "long" + }, + "layer2_octet_delta_count" : { + "type" : "long" + }, + "information_element_data_type" : { + "type" : "short" + }, + "hash_initialiser_value" : { + "type" : "long" + }, + "flow_start_nanoseconds" : { + "type" : "date" + }, + "bgp_validity_state" : { + "type" : "short" + }, + "engine_type" : { + "type" : "short" + }, + "flow_direction" : { + "type" : "short" + }, + "dot1q_customer_source_mac_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "wtp_mac_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mpls_payload_length" : { + "type" : "long" + }, + "template_id" : { + "type" : "long" + }, + "pseudo_wire_type" : { + "type" : "long" + }, + "dot1q_customer_destination_mac_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "interface_description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pseudo_wire_id" : { + "type" : "long" + }, + "vlan_id" : { + "type" : "long" + }, + "hash_digest_output" : { + "type" : "boolean" + }, + "responder_packets" : { + "type" : "long" + }, + "ethernet_payload_length" : { + "type" : "long" + }, + "collector_certificate" : { + "type" : "short" + }, + "tcp_control_bits" : { + "type" : "long" + }, + "mpls_payload_packet_section" : { + "type" : "short" + }, + "anonymization_flags" : { + "type" : "long" + }, + "ingress_unicast_packet_total_count" : { + "type" : "long" + }, + "address_pool_high_threshold" : { + "type" : "long" + }, + "information_element_range_end" : { + "type" : "long" + }, + "observation_point_type" : { + "type" : "short" + }, + "ip_payload_packet_section" : { + "type" : "short" + }, + "http_status_code" : { + "type" : "long" + }, + "bgp_next_adjacent_as_number" : { + "type" : "long" + }, + "dropped_layer2_octet_delta_count" : { + "type" : "long" + }, + "destination_ipv6_prefix" : { + "type" : "ip" + }, + "common_properties_id" : { + "type" : "long" + }, + "maximum_ip_total_length" : { + "type" : "long" + }, + "exporter_ipv6_address" : { + "type" : "ip" + }, + "ip_class_of_service" : { + "type" : "short" + }, + "rfc3550_jitter_nanoseconds" : { + "type" : "long" + }, + "distinct_count_of_source_ip_address" : { + "type" : "long" + }, + "http_request_method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "is_multicast" : { + "type" : "short" + }, + "original_observation_domain_id" : { + "type" : "long" + }, + "mib_object_value_counter" : { + "type" : "long" + }, + "mib_object_value_bits" : { + "type" : "short" + }, + "ip_header_packet_section" : { + "type" : "short" + }, + "post_mcast_layer2_octet_delta_count" : { + "type" : "long" + }, + "tunnel_technology" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ingress_multicast_packet_total_count" : { + "type" : "long" + }, + "flow_idle_timeout" : { + "type" : "long" + }, + "minimum_ip_total_length" : { + "type" : "long" + }, + "max_export_seconds" : { + "type" : "date" + }, + "exported_message_total_count" : { + "type" : "long" + }, + "flow_end_nanoseconds" : { + "type" : "date" + }, + "layer2_segment_id" : { + "type" : "long" + }, + "ip_next_hop_ipv4_address" : { + "type" : "ip" + }, + "post_mcast_layer2_octet_total_count" : { + "type" : "long" + }, + "egress_physical_interface" : { + "type" : "long" + }, + "tcp_psh_total_count" : { + "type" : "long" + }, + "mib_index_indicator" : { + "type" : "long" + }, + "nat_type" : { + "type" : "short" + }, + "udp_message_length" : { + "type" : "long" + }, + "monitoring_interval_start_milli_seconds" : { + "type" : "date" + }, + "layer2packet_section_size" : { + "type" : "long" + }, + "port_range_start" : { + "type" : "long" + }, + "exported_octet_total_count" : { + "type" : "long" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_ipv4_address" : { + "type" : "ip" + }, + "post_napt_source_transport_port" : { + "type" : "long" + }, + "collector_transport_port" : { + "type" : "long" + }, + "post_dot1q_vlan_id" : { + "type" : "long" + }, + "observation_time_nanoseconds" : { + "type" : "date" + }, + "firewall_event" : { + "type" : "short" + }, + "dropped_octet_delta_count" : { + "type" : "long" + }, + "octet_total_count" : { + "type" : "long" + }, + "http_message_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "flow_selected_packet_delta_count" : { + "type" : "long" + }, + "maximum_ttl" : { + "type" : "short" + }, + "flow_active_timeout" : { + "type" : "long" + }, + "post_mcast_packet_total_count" : { + "type" : "long" + }, + "dot1q_customer_priority" : { + "type" : "short" + }, + "metro_evc_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "igmp_type" : { + "type" : "short" + }, + "destination_mac_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "flow_end_sys_up_time" : { + "type" : "long" + }, + "relative_error" : { + "type" : "double" + }, + "source_transport_port" : { + "type" : "long" + }, + "post_nat_source_ipv6_address" : { + "type" : "ip" + }, + "export_protocol_version" : { + "type" : "short" + }, + "mib_object_value_octet_string" : { + "type" : "short" + }, + "exporting_process_id" : { + "type" : "long" + }, + "hash_output_range_max" : { + "type" : "long" + }, + "max_subscribers" : { + "type" : "long" + }, + "dot1q_service_instance_priority" : { + "type" : "short" + }, + "ip_header_length" : { + "type" : "short" + }, + "sampling_algorithm" : { + "type" : "short" + }, + "ingress_broadcast_packet_total_count" : { + "type" : "long" + }, + "mib_object_syntax" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "min_flow_start_microseconds" : { + "type" : "date" + }, + "data_link_frame_size" : { + "type" : "long" + }, + "layer2_octet_total_count" : { + "type" : "long" + }, + "ip_ttl" : { + "type" : "short" + }, + "private_enterprise_number" : { + "type" : "long" + }, + "ignored_layer2_octet_total_count" : { + "type" : "long" + }, + "flow_start_microseconds" : { + "type" : "date" + }, + "address_port_mapping_low_threshold" : { + "type" : "long" + }, + "collector_ipv6_address" : { + "type" : "ip" + }, + "max_flow_end_milliseconds" : { + "type" : "date" + }, + "absolute_error" : { + "type" : "double" + }, + "observation_time_microseconds" : { + "type" : "date" + }, + "minimum_layer2_total_length" : { + "type" : "long" + }, + "flow_end_microseconds" : { + "type" : "date" + }, + "padding_octets" : { + "type" : "short" + }, + "layer2_octet_delta_sum_of_squares" : { + "type" : "long" + }, + "ethernet_total_length" : { + "type" : "long" + }, + "application_group_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dot1q_dei" : { + "type" : "boolean" + }, + "mpls_top_label_exp" : { + "type" : "short" + }, + "ipv4_options" : { + "type" : "long" + }, + "virtual_station_interface_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fragment_flags" : { + "type" : "short" + }, + "system_init_time_milliseconds" : { + "type" : "date" + }, + "destination_ipv6_address" : { + "type" : "ip" + }, + "message_scope" : { + "type" : "short" + }, + "connection_transaction_id" : { + "type" : "long" + }, + "ip_payload_length" : { + "type" : "long" + }, + "dot1q_service_instance_tag" : { + "type" : "short" + }, + "flow_end_reason" : { + "type" : "short" + }, + "flow_duration_milliseconds" : { + "type" : "long" + }, + "selector_id_total_pkts_selected" : { + "type" : "long" + }, + "original_exporter_ipv4_address" : { + "type" : "ip" + }, + "virtual_station_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "flow_id" : { + "type" : "long" + }, + "port_range_end" : { + "type" : "long" + }, + "post_mpls_top_label_exp" : { + "type" : "short" + }, + "ignored_data_record_total_count" : { + "type" : "long" + }, + "flow_selected_flow_delta_count" : { + "type" : "long" + }, + "tcp_syn_total_count" : { + "type" : "long" + }, + "export_transport_protocol" : { + "type" : "short" + }, + "ip_sec_spi" : { + "type" : "long" + }, + "rfc3550_jitter_milliseconds" : { + "type" : "long" + }, + "post_napt_destination_transport_port" : { + "type" : "long" + }, + "max_bib_entries" : { + "type" : "long" + }, + "maximum_layer2_total_length" : { + "type" : "long" + }, + "layer2packet_section_data" : { + "type" : "short" + }, + "egress_broadcast_packet_total_count" : { + "type" : "long" + }, + "transport_octet_delta_count" : { + "type" : "long" + }, + "rfc3550_jitter_microseconds" : { + "type" : "long" + }, + "line_card_id" : { + "type" : "long" + }, + "layer2_frame_delta_count" : { + "type" : "long" + }, + "ethernet_header_length" : { + "type" : "short" + }, + "flow_key_indicator" : { + "type" : "long" + }, + "interface_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mpls_vpn_route_distinguisher" : { + "type" : "short" + }, + "icmp_type_ipv4" : { + "type" : "short" + }, + "message_md5_checksum" : { + "type" : "short" + }, + "flags_and_sampler_id" : { + "type" : "long" + }, + "icmp_type_ipv6" : { + "type" : "short" + }, + "distinct_count_of_source_ipv4_address" : { + "type" : "long" + }, + "packet_total_count" : { + "type" : "long" + }, + "mib_context_engine_id" : { + "type" : "short" + }, + "mib_sub_identifier" : { + "type" : "long" + }, + "post_packet_total_count" : { + "type" : "long" + }, + "sampling_packet_space" : { + "type" : "long" + }, + "p2p_technology" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "min_export_seconds" : { + "type" : "date" + }, + "egress_unicast_packet_total_count" : { + "type" : "long" + }, + "exporter_transport_port" : { + "type" : "long" + }, + "distinct_count_of_destination_ipv4_address" : { + "type" : "long" + }, + "flow_label_ipv6" : { + "type" : "long" + }, + "ignored_octet_total_count" : { + "type" : "long" + }, + "observation_time_milliseconds" : { + "type" : "date" + }, + "nat_quota_exceeded_event" : { + "type" : "long" + }, + "max_flow_end_nanoseconds" : { + "type" : "date" + }, + "mpls_top_label_ttl" : { + "type" : "short" + }, + "mib_object_description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "engine_id" : { + "type" : "short" + }, + "section_offset" : { + "type" : "long" + }, + "flow_end_milliseconds" : { + "type" : "date" + }, + "ip_precedence" : { + "type" : "short" + }, + "collection_time_milliseconds" : { + "type" : "date" + } + } + }, + "apache" : { + "properties" : { + "access" : { + "properties" : { + "ssl" : { + "properties" : { + "cipher" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "error" : { + "properties" : { + "module" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "timeseries" : { + "properties" : { + "instance" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "ecs" : { + "properties" : { + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "code_signature" : { + "properties" : { + "valid" : { + "type" : "boolean" + }, + "trusted" : { + "type" : "boolean" + }, + "subject_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "exists" : { + "type" : "boolean" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "host" : { + "properties" : { + "os" : { + "properties" : { + "build" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "kernel" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "codename" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "family" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "platform" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "full" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + } + } + }, + "ip" : { + "type" : "ip" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uptime" : { + "type" : "long" + }, + "geo" : { + "properties" : { + "region_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "continent_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "city_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "location" : { + "type" : "geo_point" + }, + "region_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "hostname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "containerized" : { + "type" : "boolean" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user" : { + "properties" : { + "full_name" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + }, + "roles" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "properties" : { + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "architecture" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "mysql" : { + "properties" : { + "thread_id" : { + "type" : "long" + }, + "slowlog" : { + "properties" : { + "schema" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tmp_table_sizes" : { + "type" : "long" + }, + "read_rnd_next" : { + "type" : "long" + }, + "read_last" : { + "type" : "long" + }, + "rows_examined" : { + "type" : "long" + }, + "bytes_received" : { + "type" : "long" + }, + "sort_merge_passes" : { + "type" : "long" + }, + "innodb" : { + "properties" : { + "trx_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "io_r_ops" : { + "type" : "long" + }, + "io_r_wait" : { + "properties" : { + "sec" : { + "type" : "long" + } + } + }, + "rec_lock_wait" : { + "properties" : { + "sec" : { + "type" : "long" + } + } + }, + "queue_wait" : { + "properties" : { + "sec" : { + "type" : "long" + } + } + }, + "pages_distinct" : { + "type" : "long" + }, + "io_r_bytes" : { + "type" : "long" + } + } + }, + "tmp_disk_tables" : { + "type" : "long" + }, + "sort_range_count" : { + "type" : "long" + }, + "sort_rows" : { + "type" : "long" + }, + "filesort_on_disk" : { + "type" : "boolean" + }, + "tmp_tables" : { + "type" : "long" + }, + "read_prev" : { + "type" : "long" + }, + "full_join" : { + "type" : "boolean" + }, + "current_user" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_slow_rate_limit" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_slow_rate_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "read_next" : { + "type" : "long" + }, + "priority_queue" : { + "type" : "boolean" + }, + "full_scan" : { + "type" : "boolean" + }, + "query" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sort_scan_count" : { + "type" : "long" + }, + "read_first" : { + "type" : "long" + }, + "merge_passes" : { + "type" : "long" + }, + "filesort" : { + "type" : "boolean" + }, + "bytes_sent" : { + "type" : "long" + }, + "killed" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tmp_table" : { + "type" : "boolean" + }, + "lock_time" : { + "properties" : { + "sec" : { + "type" : "float" + } + } + }, + "read_rnd" : { + "type" : "long" + }, + "rows_sent" : { + "type" : "long" + }, + "rows_affected" : { + "type" : "long" + }, + "read_key" : { + "type" : "long" + }, + "last_errno" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "query_cache_hit" : { + "type" : "boolean" + }, + "tmp_table_on_disk" : { + "type" : "boolean" + } + } + }, + "error" : { + "properties" : { } + } + } + }, + "group" : { + "properties" : { + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "tracing" : { + "properties" : { + "trace" : { + "properties" : { + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "transaction" : { + "properties" : { + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "span" : { + "properties" : { + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "package" : { + "properties" : { + "installed" : { + "type" : "date" + }, + "build_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reference" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "license" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "install_scope" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "size" : { + "type" : "long" + }, + "checksum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "architecture" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "nginx" : { + "properties" : { + "access" : { + "properties" : { + "geoip" : { + "properties" : { } + }, + "user_agent" : { + "properties" : { } + } + } + }, + "ingress_controller" : { + "properties" : { + "upstream" : { + "properties" : { + "alternative_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "port" : { + "type" : "long" + }, + "response" : { + "properties" : { + "status_code" : { + "type" : "long" + }, + "length" : { + "type" : "long" + }, + "length_list" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "time_list" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status_code_list" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "time" : { + "type" : "double" + } + } + }, + "ip" : { + "type" : "ip" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "geoip" : { + "properties" : { } + }, + "upstream_address_list" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "http" : { + "properties" : { + "request" : { + "properties" : { + "length" : { + "type" : "long" + }, + "time" : { + "type" : "double" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "user_agent" : { + "properties" : { } + } + } + }, + "error" : { + "properties" : { + "connection_id" : { + "type" : "long" + } + } + } + } + }, + "x509" : { + "properties" : { + "not_after" : { + "type" : "date" + }, + "public_key_exponent" : { + "index" : false, + "type" : "long" + }, + "not_before" : { + "type" : "date" + }, + "subject" : { + "properties" : { + "state_or_province" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "distinguished_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "public_key_algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "public_key_curve" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "signature_algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "public_key_size" : { + "type" : "long" + }, + "version_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "serial_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alternative_names" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "issuer" : { + "properties" : { + "state_or_province" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "distinguished_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "sophos" : { + "properties" : { + "xg" : { + "properties" : { + "transmittederrors" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trans_dst_ip" : { + "type" : "ip" + }, + "reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "av_policy_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Configuration" : { + "type" : "float" + }, + "override_token" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ips_policy_id" : { + "type" : "long" + }, + "starttime" : { + "type" : "date" + }, + "sessionid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "context_suffix" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "application_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_cpu" : { + "type" : "float" + }, + "newversion" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "appfilter_policy_id" : { + "type" : "long" + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmp_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "PHPSESSID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "auth_mechanism" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "idp_policy_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fw_rule_id" : { + "type" : "long" + }, + "transaction_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "appresolvedby" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "cookie" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "upload_file_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "receivederrors" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "to_email_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "classification" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "priority" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "FTP_url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ap" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dictionary_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srczone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "override_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "policy_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "localnetwork" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filename" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "login_user" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstzone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "eventtype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "activityname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "application_technology" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "server" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmp_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dir_disp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trans_src_ ip" : { + "type" : "ip" + }, + "mailsize" : { + "type" : "long" + }, + "remotenetwork" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filesize" : { + "type" : "long" + }, + "transmitteddrops" : { + "type" : "long" + }, + "site_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "virus" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ssid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "quarantine_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "srczonetype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "localgateway" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "app_is_cloud" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "signature_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "total_memory" : { + "type" : "long" + }, + "application_risk" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client_host_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstzonetype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "iap" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "responsetime" : { + "type" : "long" + }, + "free" : { + "type" : "long" + }, + "context_match" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "timestamp" : { + "type" : "date" + }, + "out_interface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "application_category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "website" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "collisions" : { + "type" : "long" + }, + "log_subtype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "httpresponsecode" : { + "type" : "long" + }, + "transmittedkbits" : { + "type" : "long" + }, + "message_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule_priority" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "connevent" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "file_size" : { + "type" : "long" + }, + "url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trans_src_port" : { + "type" : "long" + }, + "oldversion" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "recv_bytes" : { + "type" : "long" + }, + "auth_client" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha1sum" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "connid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dst_port" : { + "type" : "long" + }, + "quarantine" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "date" : { + "type" : "date" + }, + "file_path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "referer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "context_prefix" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "override_authorizer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "eventtime" : { + "type" : "date" + }, + "source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "used" : { + "type" : "long" + }, + "protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "remote_ip" : { + "type" : "ip" + }, + "sourceip" : { + "type" : "ip" + }, + "filepath" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "src_country_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "clients_conn_ssid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mailid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "from_email_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "raw_data" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_group" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "application_filter_policy" : { + "type" : "long" + }, + "vconn_id" : { + "type" : "long" + }, + "domainname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "connectionname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "querystring" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ep_uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "download_file_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "exceptions" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "users" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "start_time" : { + "type" : "date" + }, + "unit" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "FTP_direction" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "execution_path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "conn_id" : { + "type" : "long" + }, + "backup_mode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email_subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dst_country_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "eventid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ipaddress" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "idp_policy_id" : { + "type" : "long" + }, + "status_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "receiveddrops" : { + "type" : "long" + }, + "signature_msg" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "timezone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "in_interface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "con_id" : { + "type" : "long" + }, + "ftpcommand" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "received_pkts" : { + "type" : "long" + }, + "spamaction" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "upload_file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dst_domainname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "interface" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dst_ip" : { + "type" : "ip" + }, + "platform" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "transactionid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "system_cpu" : { + "type" : "float" + }, + "red_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sent_bytes" : { + "type" : "long" + }, + "duration" : { + "type" : "long" + }, + "src_ip" : { + "type" : "ip" + }, + "device_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Temp" : { + "type" : "float" + }, + "client_physical_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "branch_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extra" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "connectiontype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "direction" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dstdomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "trans_dst_port" : { + "type" : "long" + }, + "src_mac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sent_pkts" : { + "type" : "long" + }, + "log_component" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hb_health" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_gp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Mode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "category_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Reports" : { + "type" : "float" + }, + "idle_cpu" : { + "type" : "float" + }, + "message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "threatname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "target" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "contenttype" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "src_port" : { + "type" : "long" + }, + "destinationip" : { + "type" : "ip" + }, + "receivedkbits" : { + "type" : "long" + }, + "updatedip" : { + "type" : "ip" + }, + "SysLog_SERVER_NAME" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "application" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Signature" : { + "type" : "float" + }, + "src_domainname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "download_file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "http" : { + "properties" : { + "request" : { + "properties" : { + "referrer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bytes" : { + "type" : "long" + }, + "body" : { + "properties" : { + "bytes" : { + "type" : "long" + }, + "content" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + } + } + } + } + }, + "response" : { + "properties" : { + "status_code" : { + "type" : "long" + }, + "bytes" : { + "type" : "long" + }, + "body" : { + "properties" : { + "bytes" : { + "type" : "long" + }, + "content" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + } + } + } + } + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "fields" : { + "type" : "object" + }, + "gsuite" : { + "properties" : { + "actor" : { + "properties" : { + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "key" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "kind" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "properties" : { + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "saml" : { + "properties" : { + "initiated_by" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status_code" : { + "type" : "long" + }, + "application_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "second_level_status_code" : { + "type" : "long" + }, + "failure_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "orgunit_path" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "admin" : { + "properties" : { + "request" : { + "properties" : { + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "info_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "role" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "bulk_upload" : { + "properties" : { + "total" : { + "type" : "long" + }, + "failed" : { + "type" : "long" + } + } + }, + "print_server" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "chrome_licenses" : { + "properties" : { + "allowed" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "enabled" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "non_featured_services_selection" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "privilege" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "oauth2" : { + "properties" : { + "application" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "service" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "email_monitor" : { + "properties" : { + "level" : { + "properties" : { + "incoming" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "outgoing" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "chat" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "draft" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "dest_email" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "distribution" : { + "properties" : { + "entity" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "setting" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "alert" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "verification_method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "chrome_os" : { + "properties" : { + "session_type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "api" : { + "properties" : { + "client" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "scopes" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "managed_configuration" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "new_value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "properties" : { + "log_search_filter" : { + "properties" : { + "end_date" : { + "type" : "date" + }, + "sender" : { + "properties" : { + "ip" : { + "type" : "ip" + }, + "value" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "recipient" : { + "properties" : { + "ip" : { + "type" : "ip" + }, + "value" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "message_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "start_date" : { + "type" : "date" + } + } + }, + "quarantine_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "group" : { + "properties" : { + "priorities" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "allowed_list" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "org_unit" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "full" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "product" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sku" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "user_defined_setting" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "resource" : { + "properties" : { + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "email_dump" : { + "properties" : { + "query" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "include_deleted" : { + "type" : "boolean" + }, + "package_content" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "printer" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "mobile" : { + "properties" : { + "company_owned_devices" : { + "type" : "long" + }, + "certificate" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "action" : { + "properties" : { + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "url" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "application" : { + "properties" : { + "licences_purchased" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "asp_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "licences_order_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "edition" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "package_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "enabled" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "field" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "service" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "mdm" : { + "properties" : { + "vendor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "token" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "domain" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alias" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "secondary_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "old_value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device" : { + "properties" : { + "command_details" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "serial_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "user" : { + "properties" : { + "birthdate" : { + "type" : "date" + }, + "nickname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "gateway" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "groups" : { + "properties" : { + "member" : { + "properties" : { + "role" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "old_value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message" : { + "properties" : { + "moderation_action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "new_value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "acl_permission" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "setting" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "event" : { + "properties" : { + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "login" : { + "properties" : { + "affected_email_address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "challenge_method" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "is_suspicious" : { + "type" : "boolean" + }, + "failure_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "is_second_factor" : { + "type" : "boolean" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "drive" : { + "properties" : { + "old_visibility" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "membership_change_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "originating_app_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "visibility" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destination_folder_title" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "removed_role" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "target_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "billable" : { + "type" : "boolean" + }, + "sheets_import_range_recipient_doc" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destination_folder_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "target" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "file" : { + "properties" : { + "owner" : { + "properties" : { + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "is_shared_drive" : { + "type" : "boolean" + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "primary_event" : { + "type" : "boolean" + }, + "shared_drive_settings_change_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_folder_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "shared_drive_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_folder_title" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "old_value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "added_role" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "visibility_change" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "new_value" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "iptables" : { + "properties" : { + "tcp" : { + "properties" : { + "reserved_bits" : { + "type" : "short" + }, + "flags" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ack" : { + "type" : "long" + }, + "window" : { + "type" : "long" + }, + "seq" : { + "type" : "long" + } + } + }, + "udp" : { + "properties" : { + "length" : { + "type" : "long" + } + } + }, + "fragment_offset" : { + "type" : "long" + }, + "flow_label" : { + "type" : "long" + }, + "input_device" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "precedence_bits" : { + "type" : "short" + }, + "length" : { + "type" : "long" + }, + "fragment_flags" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "icmp" : { + "properties" : { + "redirect" : { + "type" : "ip" + }, + "code" : { + "type" : "long" + }, + "parameter" : { + "type" : "long" + }, + "id" : { + "type" : "long" + }, + "type" : { + "type" : "long" + }, + "seq" : { + "type" : "long" + } + } + }, + "ttl" : { + "type" : "long" + }, + "ubiquiti" : { + "properties" : { + "output_zone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "input_zone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule_set" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rule_number" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "ether_type" : { + "type" : "long" + }, + "tos" : { + "type" : "long" + }, + "output_device" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "type" : "long" + }, + "incomplete_bytes" : { + "type" : "long" + } + } + }, + "coredns" : { + "properties" : { + "response" : { + "properties" : { + "code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "size" : { + "type" : "long" + }, + "flags" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "query" : { + "properties" : { + "size" : { + "type" : "long" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "class" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "dnssec_ok" : { + "type" : "boolean" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "object_key" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "traefik" : { + "properties" : { + "access" : { + "properties" : { + "user_identifier" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "geoip" : { + "properties" : { + "region_iso_code" : { + "path" : "source.geo.region_iso_code", + "type" : "alias" + }, + "continent_name" : { + "path" : "source.geo.continent_name", + "type" : "alias" + }, + "city_name" : { + "path" : "source.geo.city_name", + "type" : "alias" + }, + "country_iso_code" : { + "path" : "source.geo.country_iso_code", + "type" : "alias" + }, + "location" : { + "path" : "source.geo.location", + "type" : "alias" + }, + "region_name" : { + "path" : "source.geo.region_name", + "type" : "alias" + } + } + }, + "frontend_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "backend_url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_agent" : { + "properties" : { + "original" : { + "path" : "user_agent.original", + "type" : "alias" + }, + "os" : { + "path" : "user_agent.os.full_name", + "type" : "alias" + }, + "name" : { + "path" : "user_agent.name", + "type" : "alias" + }, + "os_name" : { + "path" : "user_agent.os.name", + "type" : "alias" + }, + "device" : { + "path" : "user_agent.device.name", + "type" : "alias" + } + } + }, + "request_count" : { + "type" : "long" + } + } + } + } + }, + "destination" : { + "properties" : { + "nat" : { + "properties" : { + "port" : { + "type" : "long" + }, + "ip" : { + "type" : "ip" + } + } + }, + "address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "top_level_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ip" : { + "type" : "ip" + }, + "packets" : { + "type" : "long" + }, + "mac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "geo" : { + "properties" : { + "region_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "continent_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "city_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "region_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "location" : { + "type" : "geo_point" + } + } + }, + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + } + } + } + } + }, + "registered_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "port" : { + "type" : "long" + }, + "service" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "bytes" : { + "type" : "long" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user" : { + "properties" : { + "full_name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "roles" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "properties" : { + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + } + } + }, + "rule" : { + "properties" : { + "reference" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "license" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "author" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ruleset" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "category" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "misp" : { + "properties" : { + "note" : { + "properties" : { + "summary" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "norms" : false, + "type" : "text" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "object_refs" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "authors" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "attack_pattern" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "norms" : false, + "type" : "text" + }, + "kill_chain_phases" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "intrusion_set" : { + "properties" : { + "primary_motivation" : { + "norms" : false, + "type" : "text" + }, + "aliases" : { + "norms" : false, + "type" : "text" + }, + "first_seen" : { + "type" : "date" + }, + "last_seen" : { + "type" : "date" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "norms" : false, + "type" : "text" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resource_level" : { + "norms" : false, + "type" : "text" + }, + "secondary_motivations" : { + "norms" : false, + "type" : "text" + }, + "goals" : { + "norms" : false, + "type" : "text" + } + } + }, + "malware" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "norms" : false, + "type" : "text" + }, + "kill_chain_phases" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "labels" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "vulnerability" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "norms" : false, + "type" : "text" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "tool" : { + "properties" : { + "tool_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "norms" : false, + "type" : "text" + }, + "kill_chain_phases" : { + "norms" : false, + "type" : "text" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "labels" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "observed_data" : { + "properties" : { + "first_observed" : { + "type" : "date" + }, + "number_observed" : { + "type" : "long" + }, + "last_observed" : { + "type" : "date" + }, + "objects" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "threat_actor" : { + "properties" : { + "personal_motivations" : { + "norms" : false, + "type" : "text" + }, + "aliases" : { + "norms" : false, + "type" : "text" + }, + "primary_motivation" : { + "norms" : false, + "type" : "text" + }, + "sophistication" : { + "norms" : false, + "type" : "text" + }, + "roles" : { + "norms" : false, + "type" : "text" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "norms" : false, + "type" : "text" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resource_level" : { + "norms" : false, + "type" : "text" + }, + "goals" : { + "norms" : false, + "type" : "text" + }, + "labels" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "secondary_motivations" : { + "norms" : false, + "type" : "text" + } + } + }, + "course_of_action" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "norms" : false, + "type" : "text" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "identity" : { + "properties" : { + "identity_class" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sectors" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "norms" : false, + "type" : "text" + }, + "contact_information" : { + "norms" : false, + "type" : "text" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "labels" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "report" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "norms" : false, + "type" : "text" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "published" : { + "type" : "date" + }, + "object_refs" : { + "norms" : false, + "type" : "text" + }, + "labels" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "threat_indicator" : { + "properties" : { + "severity" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "attack_pattern" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitre_tactic" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "intrusion_set" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "confidence" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "norms" : false, + "type" : "text" + }, + "valid_from" : { + "type" : "date" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mitre_technique" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "labels" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "feed" : { + "norms" : false, + "type" : "text" + }, + "threat_actor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "valid_until" : { + "type" : "date" + }, + "attack_pattern_kql" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "negate" : { + "type" : "boolean" + }, + "campaign" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "kill_chain_phases" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "campaign" : { + "properties" : { + "first_seen" : { + "type" : "date" + }, + "aliases" : { + "norms" : false, + "type" : "text" + }, + "last_seen" : { + "type" : "date" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "norms" : false, + "type" : "text" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "objective" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "auditd" : { + "properties" : { + "log" : { + "properties" : { + "new_auid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "item" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "laddr" : { + "type" : "ip" + }, + "new_ses" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "geoip" : { + "properties" : { } + }, + "old_ses" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "rport" : { + "type" : "long" + }, + "lport" : { + "type" : "long" + }, + "a0" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sequence" : { + "type" : "long" + }, + "old_auid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tty" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "addr" : { + "type" : "ip" + }, + "items" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "error" : { + "properties" : { + "code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "stack_trace" : { + "ignore_above" : 1024, + "index" : false, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message" : { + "norms" : false, + "type" : "text" + } + } + }, + "interface" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alias" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "santa" : { + "properties" : { + "mode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "disk" : { + "properties" : { + "volume" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bus" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "serial" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bsdname" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "model" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "fs" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mount" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "decision" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "certificate" : { + "properties" : { + "sha256" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "docker" : { + "properties" : { + "container" : { + "properties" : { + "labels" : { + "type" : "object" + } + } + }, + "attrs" : { + "type" : "object" + } + } + }, + "network" : { + "properties" : { + "transport" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "interface" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "inner" : { + "type" : "object", + "properties" : { + "vlan" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "packets" : { + "type" : "long" + }, + "protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "forwarded_ip" : { + "type" : "ip" + }, + "community_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "application" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vlan" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "bytes" : { + "type" : "long" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "iana_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "direction" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "related" : { + "properties" : { + "hosts" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ip" : { + "type" : "ip" + }, + "user" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "postgresql" : { + "properties" : { + "log" : { + "properties" : { + "database" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "core_id" : { + "type" : "long" + }, + "query_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "query" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "query_step" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "error" : { + "properties" : { + "code" : { + "type" : "long" + } + } + }, + "timestamp" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "client" : { + "properties" : { + "nat" : { + "properties" : { + "port" : { + "type" : "long" + }, + "ip" : { + "type" : "ip" + } + } + }, + "address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "top_level_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ip" : { + "type" : "ip" + }, + "mac" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "packets" : { + "type" : "long" + }, + "geo" : { + "properties" : { + "region_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "continent_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "city_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_iso_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "location" : { + "type" : "geo_point" + }, + "region_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "as" : { + "properties" : { + "number" : { + "type" : "long" + }, + "organization" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + } + } + } + } + }, + "registered_domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "port" : { + "type" : "long" + }, + "bytes" : { + "type" : "long" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user" : { + "properties" : { + "full_name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "roles" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "properties" : { + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + } + } + }, + "mongodb" : { + "properties" : { + "log" : { + "properties" : { + "component" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "context" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "crowdstrike" : { + "properties" : { + "metadata" : { + "properties" : { + "offset" : { + "type" : "long" + }, + "eventCreationTime" : { + "type" : "date" + }, + "customerIDString" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "eventType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "event" : { + "properties" : { + "SensorId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Tactic" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "StartTimestamp" : { + "type" : "date" + }, + "EventType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ParentProcessId" : { + "type" : "long" + }, + "UTCTimestamp" : { + "type" : "date" + }, + "RuleFamilyID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "EndTimestamp" : { + "type" : "date" + }, + "FalconHostLink" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "GrandparentImageFileName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Ipv" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Success" : { + "type" : "boolean" + }, + "SHA1String" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ProcessEndTime" : { + "type" : "date" + }, + "IOCValue" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "TreeID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "MatchCount" : { + "type" : "long" + }, + "ParentCommandLine" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "SessionId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "PolicyID" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "RuleName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "HostName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "LocalAddress" : { + "type" : "ip" + }, + "PatternDispositionFlags" : { + "type" : "object" + }, + "PatternDispositionDescription" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ICMPCode" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "CustomerId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Objective" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ServiceName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ImageFileName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "State" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "PolicyName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "DetectName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ComputerName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ProcessStartTime" : { + "type" : "date" + }, + "IncidentStartTime" : { + "type" : "date" + }, + "Technique" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "LateralMovement" : { + "type" : "long" + }, + "FineScore" : { + "type" : "float" + }, + "RemoteAddress" : { + "type" : "ip" + }, + "DeviceId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "RuleGroupName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "RuleAction" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "FileName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "RuleId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ParentImageFileName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "MachineDomain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Timestamp" : { + "type" : "date" + }, + "AuditKeyValues" : { + "type" : "nested" + }, + "ExecutablesWritten" : { + "type" : "nested" + }, + "MatchCountSinceLastReport" : { + "type" : "long" + }, + "LocalIP" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "DetectDescription" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Commands" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "Protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "FilePath" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "RuleDescription" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "UserIp" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "UserName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "OperationName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "MD5String" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "RemotePort" : { + "type" : "long" + }, + "IncidentEndTime" : { + "type" : "date" + }, + "SeverityName" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "PID" : { + "type" : "long" + }, + "Severity" : { + "type" : "long" + }, + "PatternDispositionValue" : { + "type" : "long" + }, + "Flags" : { + "properties" : { + "Audit" : { + "type" : "boolean" + }, + "Monitor" : { + "type" : "boolean" + }, + "Log" : { + "type" : "boolean" + } + } + }, + "DetectId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "HostnameField" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "SHA256String" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "CommandLine" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "NetworkProfile" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "MACAddress" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "GrandparentCommandLine" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "LocalPort" : { + "type" : "long" + }, + "UserId" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "IOCType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ProcessId" : { + "type" : "long" + }, + "ICMPType" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ConnectionDirection" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "googlecloud" : { + "properties" : { + "firewall" : { + "properties" : { + "rule_details" : { + "properties" : { + "reference" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_service_account" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_range" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "target_service_account" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source_tag" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "destination_range" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "target_tag" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "priority" : { + "type" : "long" + }, + "direction" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "vpcflow" : { + "properties" : { + "rtt" : { + "properties" : { + "ms" : { + "type" : "long" + } + } + }, + "reporter" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "audit" : { + "properties" : { + "request" : { + "properties" : { + "filter" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "proto_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resource_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "authentication_info" : { + "properties" : { + "principal_email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "authority_selector" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "method_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "request_metadata" : { + "properties" : { + "caller_ip" : { + "type" : "ip" + }, + "caller_supplied_user_agent" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "response" : { + "properties" : { + "proto_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "details" : { + "properties" : { + "uid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "kind" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "service_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "num_response_items" : { + "type" : "long" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resource_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resource_location" : { + "properties" : { + "current_locations" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "status" : { + "properties" : { + "code" : { + "type" : "long" + }, + "message" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "destination" : { + "properties" : { + "instance" : { + "properties" : { + "project_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "zone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "region" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "vpc" : { + "properties" : { + "vpc_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "project_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subnetwork_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "source" : { + "properties" : { + "instance" : { + "properties" : { + "zone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "project_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "region" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "vpc" : { + "properties" : { + "vpc_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "project_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subnetwork_name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + } + } + }, + "user_agent" : { + "properties" : { + "original" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "os" : { + "properties" : { + "full_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "kernel" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + }, + "family" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "platform" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "full" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + } + } + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "jolokia" : { + "properties" : { + "server" : { + "properties" : { + "product" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vendor" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "agent" : { + "properties" : { + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "secured" : { + "type" : "boolean" + }, + "url" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "registry" : { + "properties" : { + "hive" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "data" : { + "properties" : { + "strings" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bytes" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "value" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "key" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "process" : { + "properties" : { + "parent" : { + "properties" : { + "pgid" : { + "type" : "long" + }, + "start" : { + "type" : "date" + }, + "working_directory" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "pid" : { + "type" : "long" + }, + "thread" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "type" : "long" + } + } + }, + "title" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "entity_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "executable" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + }, + "ppid" : { + "type" : "long" + }, + "uptime" : { + "type" : "long" + }, + "args" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "code_signature" : { + "properties" : { + "valid" : { + "type" : "boolean" + }, + "trusted" : { + "type" : "boolean" + }, + "subject_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "exists" : { + "type" : "boolean" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "pe" : { + "properties" : { + "file_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "product" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "imphash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "company" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "original_file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "architecture" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "exit_code" : { + "type" : "long" + }, + "args_count" : { + "type" : "long" + }, + "command_line" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + }, + "hash" : { + "properties" : { + "sha1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha256" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha512" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "md5" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "pgid" : { + "type" : "long" + }, + "start" : { + "type" : "date" + }, + "pid" : { + "type" : "long" + }, + "working_directory" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "thread" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "type" : "long" + } + } + }, + "program" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "entity_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "title" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "executable" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "ppid" : { + "type" : "long" + }, + "uptime" : { + "type" : "long" + }, + "args" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "code_signature" : { + "properties" : { + "valid" : { + "type" : "boolean" + }, + "trusted" : { + "type" : "boolean" + }, + "subject_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "exists" : { + "type" : "boolean" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "pe" : { + "properties" : { + "file_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "product" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "imphash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "company" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "original_file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "architecture" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "exit_code" : { + "type" : "long" + }, + "args_count" : { + "type" : "long" + }, + "hash" : { + "properties" : { + "sha1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha256" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha512" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "md5" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "command_line" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + } + } + }, + "osquery" : { + "properties" : { + "result" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "unix_time" : { + "type" : "long" + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "calendar_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_identifier" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "os" : { + "properties" : { + "kernel" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "family" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "platform" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "full" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + } + } + }, + "dll" : { + "properties" : { + "path" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "code_signature" : { + "properties" : { + "valid" : { + "type" : "boolean" + }, + "trusted" : { + "type" : "boolean" + }, + "subject_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "exists" : { + "type" : "boolean" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "pe" : { + "properties" : { + "file_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "product" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "imphash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "company" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "original_file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "architecture" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "properties" : { + "sha1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha256" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha512" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "md5" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "zoom" : { + "properties" : { + "settings" : { + "type" : "flattened" + }, + "operator_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "recording" : { + "properties" : { + "timezone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "total_size" : { + "type" : "long" + }, + "recording_count" : { + "type" : "long" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "duration" : { + "type" : "long" + }, + "start_time" : { + "type" : "date" + }, + "recording_file" : { + "properties" : { + "recording_end" : { + "type" : "date" + }, + "recording_start" : { + "type" : "date" + } + } + }, + "share_url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "topic" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_email" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "zoomroom" : { + "properties" : { + "room_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "component" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "change_key" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "calendar_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "issue" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resource_email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alert_kind" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "calendar_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alert_type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "chat_message" : { + "properties" : { + "channel_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "session_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "contact_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "channel_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "contact_email" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "sub_account_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "participant" : { + "properties" : { + "leave_time" : { + "type" : "date" + }, + "user_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "user_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sharing_details" : { + "properties" : { + "link_source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "date_time" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "file_link" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "source" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "content" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "join_time" : { + "type" : "date" + } + } + }, + "operator" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "chat_channel" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "account_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "phone" : { + "properties" : { + "answer_start_time" : { + "type" : "date" + }, + "duration" : { + "type" : "long" + }, + "caller" : { + "properties" : { + "user_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "timezone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extension_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "phone_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "number_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extension_type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "call_end_time" : { + "type" : "date" + }, + "date_time" : { + "type" : "date" + }, + "user_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "callee" : { + "properties" : { + "user_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "timezone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extension_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "phone_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "device_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "number_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "extension_type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "download_url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ringing_start_time" : { + "type" : "date" + }, + "connected_start_time" : { + "type" : "date" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "call_id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "creation_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "old_values" : { + "type" : "flattened" + }, + "master_account_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "registrant" : { + "properties" : { + "zip" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "purchasing_time_frame" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "join_url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "address" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "comments" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "city" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "org" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "no_of_employees" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "last_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "industry" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "phone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "role_in_purchase_process" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "first_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "job_title" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "status" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "meeting" : { + "properties" : { + "duration" : { + "type" : "long" + }, + "start_time" : { + "type" : "date" + }, + "password" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "timezone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "topic" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "issues" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "user" : { + "properties" : { + "personal_notes" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "presence_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "role" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vanity_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "use_pmi" : { + "type" : "boolean" + }, + "timezone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "last_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "language" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "dept" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pmi" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_key" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "phone_country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "phone_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "company" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pic_url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "first_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "account" : { + "properties" : { + "owner_email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "account_support_email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "owner_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "account_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "account_support_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "account_alias" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "webinar" : { + "properties" : { + "duration" : { + "type" : "long" + }, + "start_time" : { + "type" : "date" + }, + "join_url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "password" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "timezone" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "topic" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "issues" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "uuid" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "agenda" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "timestamp" : { + "type" : "date" + } + } + }, + "message" : { + "norms" : false, + "type" : "text" + }, + "ibmmq" : { + "properties" : { + "errorlog" : { + "properties" : { + "qmgr" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "errordescription" : { + "norms" : false, + "type" : "text" + }, + "code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "commentinsert" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "installation" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "arithinsert" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "explanation" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "envoyproxy" : { + "properties" : { + "response_flags" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "authority" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "upstream_service_time" : { + "type" : "long" + }, + "request_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "proxy_type" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "pe" : { + "properties" : { + "file_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "product" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "imphash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "description" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "company" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "original_file_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "architecture" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "service" : { + "properties" : { + "node" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ephemeral_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "tls" : { + "properties" : { + "cipher" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "established" : { + "type" : "boolean" + }, + "server" : { + "properties" : { + "not_after" : { + "type" : "date" + }, + "x509" : { + "properties" : { + "not_after" : { + "type" : "date" + }, + "public_key_exponent" : { + "index" : false, + "type" : "long" + }, + "not_before" : { + "type" : "date" + }, + "subject" : { + "properties" : { + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state_or_province" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "distinguished_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "public_key_algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "public_key_curve" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "signature_algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "public_key_size" : { + "type" : "long" + }, + "serial_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alternative_names" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "issuer" : { + "properties" : { + "state_or_province" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "distinguished_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "not_before" : { + "type" : "date" + }, + "ja3s" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "certificate" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "properties" : { + "sha1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha256" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "md5" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "certificate_chain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "issuer" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "curve" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "client" : { + "properties" : { + "not_after" : { + "type" : "date" + }, + "x509" : { + "properties" : { + "not_after" : { + "type" : "date" + }, + "public_key_exponent" : { + "index" : false, + "type" : "long" + }, + "subject" : { + "properties" : { + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "state_or_province" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "distinguished_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "not_before" : { + "type" : "date" + }, + "public_key_algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "public_key_curve" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "signature_algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "public_key_size" : { + "type" : "long" + }, + "serial_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version_number" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "alternative_names" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "issuer" : { + "properties" : { + "state_or_province" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "country" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organization" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "distinguished_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "locality" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "common_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "organizational_unit" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "server_name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "not_before" : { + "type" : "date" + }, + "subject" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "supported_ciphers" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "certificate" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ja3" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "issuer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "certificate_chain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "properties" : { + "sha1" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "sha256" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "md5" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "next_protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "resumed" : { + "type" : "boolean" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version_protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "threat" : { + "properties" : { + "framework" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "technique" : { + "properties" : { + "reference" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "tactic" : { + "properties" : { + "reference" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "aws" : { + "properties" : { + "ec2" : { + "properties" : { + "ip_address" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "vpcflow" : { + "properties" : { + "instance_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "account_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "interface_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_status" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "vpc_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tcp_flags" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pkt_srcaddr" : { + "type" : "ip" + }, + "subnet_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "pkt_dstaddr" : { + "type" : "ip" + } + } + }, + "s3access" : { + "properties" : { + "requester" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "version_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "signature_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "tls_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "turn_around_time" : { + "type" : "long" + }, + "authentication_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bytes_sent" : { + "type" : "long" + }, + "request_uri" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "host_header" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "bucket" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "referrer" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "remote_ip" : { + "type" : "ip" + }, + "cipher_suite" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "error_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "http_status" : { + "type" : "long" + }, + "bucket_owner" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "total_time" : { + "type" : "long" + }, + "operation" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "request_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "key" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "object_size" : { + "type" : "long" + }, + "user_agent" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "cloudwatch" : { + "properties" : { + "message" : { + "norms" : false, + "type" : "text" + } + } + }, + "elb" : { + "properties" : { + "incoming_tls_alert" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ssl_cipher" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "listener" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "error" : { + "properties" : { + "reason" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "connection_time" : { + "properties" : { + "ms" : { + "type" : "long" + } + } + }, + "target_port" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "classification_reason" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "backend" : { + "properties" : { + "port" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "ip" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "http" : { + "properties" : { + "response" : { + "properties" : { + "status_code" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + } + } + }, + "tls_handshake_time" : { + "properties" : { + "ms" : { + "type" : "long" + } + } + }, + "target_group" : { + "properties" : { + "arn" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "ssl_protocol" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "backend_processing_time" : { + "properties" : { + "sec" : { + "type" : "float" + } + } + }, + "chosen_cert" : { + "properties" : { + "serial" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "arn" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "trace_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "matched_rule_priority" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "classification" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "request_processing_time" : { + "properties" : { + "sec" : { + "type" : "float" + } + } + }, + "response_processing_time" : { + "properties" : { + "sec" : { + "type" : "float" + } + } + }, + "tls_named_group" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "target_status_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "redirect_url" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "action_executed" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "cloudtrail" : { + "properties" : { + "flattened" : { + "properties" : { + "additional_eventdata" : { + "type" : "flattened" + }, + "service_event_details" : { + "type" : "flattened" + }, + "request_parameters" : { + "type" : "flattened" + }, + "response_elements" : { + "type" : "flattened" + } + } + }, + "error_message" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "additional_eventdata" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "resources" : { + "properties" : { + "account_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "arn" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "recipient_account_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "api_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "request_parameters" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "event_version" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "event_type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "insight_details" : { + "type" : "flattened" + }, + "shared_event_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "read_only" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "console_login" : { + "properties" : { + "additional_eventdata" : { + "properties" : { + "login_to" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "mobile_version" : { + "type" : "boolean" + }, + "mfa_used" : { + "type" : "boolean" + } + } + } + } + }, + "digest" : { + "properties" : { + "start_time" : { + "type" : "date" + }, + "previous_s3_bucket" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "log_files" : { + "type" : "nested" + }, + "s3_object" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "newest_event_time" : { + "type" : "date" + }, + "previous_hash_algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "end_time" : { + "type" : "date" + }, + "signature_algorithm" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "public_key_fingerprint" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "s3_bucket" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "oldest_event_time" : { + "type" : "date" + } + } + }, + "user_identity" : { + "properties" : { + "access_key_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "invoked_by" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "session_context" : { + "properties" : { + "session_issuer" : { + "properties" : { + "account_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "arn" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "principal_id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "mfa_authenticated" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "creation_date" : { + "type" : "date" + } + } + }, + "type" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "arn" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + }, + "service_event_details" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "error_code" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "request_id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "management_event" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "response_elements" : { + "ignore_above" : 1024, + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + }, + "type" : "keyword" + }, + "vpc_endpoint_id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "user" : { + "properties" : { + "owner" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "saved" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "roles" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "terminal" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "filesystem" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "effective" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "full_name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "audit" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "properties" : { + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + }, + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword", + "fields" : { + "text" : { + "norms" : false, + "type" : "text" + } + } + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "hash" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "email" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "group" : { + "properties" : { + "domain" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "name" : { + "ignore_above" : 1024, + "type" : "keyword" + }, + "id" : { + "ignore_above" : 1024, + "type" : "keyword" + } + } + } + } + } + }, + "date_detection" : false + } +} \ No newline at end of file diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.template.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.template.json deleted file mode 100644 index 75cc7e7..0000000 --- a/charts/lsdobserve/elastic/lsdobserve-filebeat.template.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "order": 9, - "index_patterns": [ - "filebeat-7.10.0-*" - ], - "settings": { - "index": { - "default_pipeline": "filebeat-lsdobserve-basic", - "lifecycle": { - "name": "filebeat-lsdobserve", - "rollover_alias": "filebeat-7.10.0" - } - } - } -} \ No newline at end of file diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.template.k8s.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.template.k8s.json new file mode 100644 index 0000000..a0bccc5 --- /dev/null +++ b/charts/lsdobserve/elastic/lsdobserve-filebeat.template.k8s.json @@ -0,0 +1,14 @@ +{ + "order": 2, + "index_patterns": [ + "filebeat-7.10.2-k8s-*" + ], + "settings": { + "index": { + "lifecycle": { + "name": "filebeat-k8s", + "rollover_alias": "filebeat-7.10.2-k8s" + } + } + } +} \ No newline at end of file diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.template.lsdo.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.template.lsdo.json new file mode 100644 index 0000000..4ad8107 --- /dev/null +++ b/charts/lsdobserve/elastic/lsdobserve-filebeat.template.lsdo.json @@ -0,0 +1,14 @@ +{ + "order": 2, + "index_patterns": [ + "filebeat-7.10.2-lsdo-*" + ], + "settings": { + "index": { + "lifecycle": { + "name": "filebeat-lsdo", + "rollover_alias": "filebeat-7.10.2-lsdo" + } + } + } +} \ No newline at end of file diff --git a/charts/lsdobserve/elastic/lsdobserve-filebeat.template.project.json b/charts/lsdobserve/elastic/lsdobserve-filebeat.template.project.json new file mode 100644 index 0000000..3e349ad --- /dev/null +++ b/charts/lsdobserve/elastic/lsdobserve-filebeat.template.project.json @@ -0,0 +1,14 @@ +{ + "order": 2, + "index_patterns": [ + "filebeat-7.10.2-project-all-*" + ], + "settings": { + "index": { + "lifecycle": { + "name": "filebeat-project", + "rollover_alias": "filebeat-7.10.2-project" + } + } + } +} \ No newline at end of file diff --git a/charts/lsdobserve/logstash/patterns-lsdobserve-basic b/charts/lsdobserve/logstash/patterns-lsdobserve-basic new file mode 100644 index 0000000..ca5a4ff --- /dev/null +++ b/charts/lsdobserve/logstash/patterns-lsdobserve-basic @@ -0,0 +1,16 @@ +LSDO_BASIC_001 ^(%{TIMESTAMP_ISO8601}|%{TIME})%{SPACE}%{LOGLEVEL:[log][level]}%{SPACE}%{GREEDYDATA:[log][message]}$ +LSDO_BASIC_002 ^(%{TIMESTAMP_ISO8601}|%{TIME})%{SPACE}\[%{DATA}\]%{SPACE}%{LOGLEVEL:[log][level]}%{SPACE}%{GREEDYDATA:[log][message]}$ +LSDO_BASIC_003 ^\[(%{TIMESTAMP_ISO8601}|%{TIME})\]%{SPACE}%{LOGLEVEL:[log][level]}%{SPACE}%{GREEDYDATA:[log][message]}$ +LSDO_BASIC_004 ^\[%{TIMESTAMP_ISO8601}\]\[%{LOGLEVEL:[log][level]}%{SPACE}\]%{GREEDYDATA:[log][message]}$ +LSDO_BASIC_005 ^%{TIMESTAMP_ISO8601} %{NOTSPACE}%{SPACE}\[%{NUMBER}\]: %{LOGLEVEL:[log][level]}%{SPACE}%{GREEDYDATA:[log][message]}$ +LSDO_BASIC_006 ^%{SYSLOGTIMESTAMP} %{NOTSPACE}%{DATA}%{LOGLEVEL_SINGLECHAR:[log][level]}%{MONTHNUM}%{MONTHDAY} %{TIME}%{SPACE}%{GREEDYDATA:[log][message]}$ +LSDO_BASIC_007 ^%{TIME:[@metadata][timestamp]} \|\-%{DATA:[log][level]} %{GREEDYDATA:[log][message]}$ +LSDO_BASIC_008 ^%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}%{SPACE}%{SYSLOG5424SD:[log][level]}%{SPACE}%{GREEDYDATA:[log][message]}$ +LSDO_BASIC_009 ^%{SYSLOGBASE2} %{GREEDYDATA:[log][message]}$ +LSDO_BASIC_010 ^%{TIMESTAMP_ISO8601} %{LOGLEVEL_SINGLECHAR:[log][level]} \| %{GREEDYDATA:[log][message]}$ +LSDO_BASIC_011 ^%{MONTH} %{MONTHDAY}, %{YEAR} %{TIME} (AM|PM) %{GREEDYDATA:[log][message]}$ +LSDO_BASIC_012 ^%{LOGLEVEL:[log][level]}%{SPACE}\[%{DATA}\] %{TIMESTAMP_ISO8601} %{GREEDYDATA:[log][message]}$ +LSDO_BASIC_013 ^%{LOGLEVEL_SINGLECHAR:[log][level]}%{MONTHNUM}%{MONTHDAY} %{TIME}%{SPACE}%{BASE10NUM} %{NOTSPACE}\] %{GREEDYDATA:[log][message]}$ +LSDO_BASIC_014 ^%{LOGLEVEL_SINGLECHAR:[log][level]}%{MONTHNUM}%{MONTHDAY} %{TIME}%{SPACE}%{GREEDYDATA:[log][message]}$ +LSDO_BASIC_015 ^\[%{DATA}\] %{DATA:[log][level]} %{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME} %{GREEDYDATA:[log][message]}$ +LSDO_BASIC_016 ^%{LOGLEVEL:[log][level]}[,:]\s+%{GREEDYDATA:[log][message]}$ diff --git a/charts/lsdobserve/logstash/patterns-lsdobserve-utility b/charts/lsdobserve/logstash/patterns-lsdobserve-utility new file mode 100644 index 0000000..3c3cd44 --- /dev/null +++ b/charts/lsdobserve/logstash/patterns-lsdobserve-utility @@ -0,0 +1 @@ +LOGLEVEL_SINGLECHAR [DdIiWwEe] diff --git a/charts/lsdobserve/logstash/pipeline-logstash.conf b/charts/lsdobserve/logstash/pipeline-logstash.conf new file mode 100644 index 0000000..83a6924 --- /dev/null +++ b/charts/lsdobserve/logstash/pipeline-logstash.conf @@ -0,0 +1,43 @@ +input { + beats { + port => 5044 + ssl => false + } +} +filter { + grok { + match => { "[log][file][path]" => "%{GREEDYDATA}\/%{DATA:[@metadata][pod_name]}_%{DATA:[@metadata][namespace]}_%{GREEDYDATA}" } + } + if ![kubernetes][namespace] { + mutate { + add_field => { "[kubernetes][namespace]" => "%{[@metadata][namespace]}" } + } + } + if ![kubernetes][pod][name] { + mutate { + add_field => { "[kubernetes][pod][name]" => "%{[@metadata][pod_name]}" } + } + } +} +output { + ### + # NOTE: Each new onboarded project should have a separate pipeline + # Create the pipeline in a new configMap and use a pipeline { send_to => } + # for each new project/pipeline. + # For Monitoring new pipelines, edit the lsdobserve-logstash-config VonfigMap + # to include the new pipeline. + # Example: + # if [kubernetes][namespace] == "my-project-dev" { + # pipeline { + # send_to => ["pipeline-my-project-dev"] + # } + # } else { + # pipeline { + # send_to => ["pipeline-lsdobserve"] + # } + # } + ### + pipeline { + send_to => ["pipeline-lsdobserve"] + } +} diff --git a/charts/lsdobserve/logstash/pipeline-lsdobserve.conf b/charts/lsdobserve/logstash/pipeline-lsdobserve.conf new file mode 100644 index 0000000..48b04d2 --- /dev/null +++ b/charts/lsdobserve/logstash/pipeline-lsdobserve.conf @@ -0,0 +1,92 @@ +input { + pipeline { + address => "pipeline-lsdobserve" + } +} + +filter { + grok { + patterns_dir => [ "/usr/share/logstash/config/patterns" ] + named_captures_only => true + match => { + "message" => [ + "%{LSDO_BASIC_001}", + "%{LSDO_BASIC_002}", + "%{LSDO_BASIC_003}", + "%{LSDO_BASIC_004}", + "%{LSDO_BASIC_005}", + "%{LSDO_BASIC_006}", + "%{LSDO_BASIC_007}", + "%{LSDO_BASIC_008}", + "%{LSDO_BASIC_009}", + "%{LSDO_BASIC_010}", + "%{LSDO_BASIC_011}", + "%{LSDO_BASIC_012}", + "%{LSDO_BASIC_013}", + "%{LSDO_BASIC_014}", + "%{LSDO_BASIC_015}", + "%{LSDO_BASIC_016}" + ] + } + } + if [log][level] { + if [log][level] =~ /^([Dd]ebug|\[debug\]|[Dd])$/ { + mutate { + update => { "[log][level]" => "DEBUG" } + } + } else if [log][level] =~ /^([Ii]nfo|\[info\]|[Ii])$/ { + mutate { + update => { "[log][level]" => "INFO" } + } + } else if [log][level] =~ /^(WARNING|[Ww]arning|[Ww]arn|\[warn\]|[Ww])$/ { + mutate { + update => { "[log][level]" => "WARN" } + } + } else if [log][level] =~ /^([Ee]rror|[Ee]rr|[Ee]r|\[error\]|[Ee])$/ { + mutate { + update => { "[log][level]" => "ERROR" } + } + } + } else { + mutate { + add_field => { "[log][level]" => "INFO" } + } + } +} + +output { + if [kubernetes][namespace] =~ /^kube-.*/ or [kubernetes][namespace] =~ /^openshift.*/ or [kubernetes][namespace] =~ /^cattle-.*/ or [kubernetes][namespace] =~ /^pks-.*/ or [kubernetes][namespace] =~ /^default.*/ or [kubernetes][namespace] =~ /^ingress-.*/ or [kubernetes][namespace] =~ /^nginx-.*/ or [kubernetes][namespace] =~ /^fleet-.*/ or [kubernetes][namespace] =~ /^nfs-.*/ or [kubernetes][namespace] =~ /^quay-.*/ or [kubernetes][namespace] =~ /^istio-.*/ or [kubernetes][namespace] =~ /^argocd.*/ or [kubernetes][namespace] =~ /^velero.*/ or [kubernetes][namespace] =~ /^vault*/ { + elasticsearch { + hosts => [ "https://lsdobserve-es-http:9200" ] + ssl => true + cacert => "/usr/share/logstash/certs/tls.crt" + sniffing => false + manage_template => false + user => elastic + password => "${ELASTIC_PASSWORD}" + index => "%{[@metadata][beat]}-%{[@metadata][version]}-k8s" + } + } else if [kubernetes][namespace] =~ /^lsdobserve.*/ { + elasticsearch { + hosts => [ "https://lsdobserve-es-http:9200" ] + ssl => true + cacert => "/usr/share/logstash/certs/tls.crt" + sniffing => false + manage_template => false + user => elastic + password => "${ELASTIC_PASSWORD}" + index => "%{[@metadata][beat]}-%{[@metadata][version]}-lsdo" + } + } else { + elasticsearch { + hosts => [ "https://lsdobserve-es-http:9200" ] + ssl => true + cacert => "/usr/share/logstash/certs/tls.crt" + sniffing => false + manage_template => false + user => elastic + password => "${ELASTIC_PASSWORD}" + index => "%{[@metadata][beat]}-%{[@metadata][version]}-project" + } + } +} \ No newline at end of file diff --git a/charts/lsdobserve/templates/elastic.apm.yaml b/charts/lsdobserve/templates/elastic.apm.yaml index a197fc5..682b7c2 100644 --- a/charts/lsdobserve/templates/elastic.apm.yaml +++ b/charts/lsdobserve/templates/elastic.apm.yaml @@ -6,7 +6,7 @@ kind: ApmServer metadata: name: {{ .Release.Name }} spec: - version: 7.10.0 + version: {{ .Values.lsdobserve.elastic.apm.version }} image: {{ .Values.lsdobserve.elastic.apm.image }} count: 1 elasticsearchRef: diff --git a/charts/lsdobserve/templates/elastic.configmaps.yaml b/charts/lsdobserve/templates/elastic.configmaps.yaml index f137747..e678b73 100644 --- a/charts/lsdobserve/templates/elastic.configmaps.yaml +++ b/charts/lsdobserve/templates/elastic.configmaps.yaml @@ -3,12 +3,26 @@ apiVersion: v1 kind: ConfigMap metadata: - name: elastic-filbeat-custom-files + name: elastic-filebeat-custom-files data: - lsdobserve-filebeat.ilm.policy.json: |- -{{ .Files.Get "elastic/lsdobserve-filebeat.ilm.policy.json" | indent 4}} - lsdobserve-filebeat.pipeline.json: |- -{{ .Files.Get "elastic/lsdobserve-filebeat.pipeline.json" | indent 4}} - lsdobserve-filebeat.template.json: |- -{{ .Files.Get "elastic/lsdobserve-filebeat.template.json" | indent 4}} + lsdobserve-filebeat.bootstrap.k8s.json: |- +{{ .Files.Get "elastic/lsdobserve-filebeat.bootstrap.k8s.json" | indent 4}} + lsdobserve-filebeat.bootstrap.lsdo.json: |- +{{ .Files.Get "elastic/lsdobserve-filebeat.bootstrap.lsdo.json" | indent 4}} + lsdobserve-filebeat.bootstrap.project.json: |- +{{ .Files.Get "elastic/lsdobserve-filebeat.bootstrap.project.json" | indent 4}} + lsdobserve-filebeat.ilm.policy.k8s.json: |- +{{ .Files.Get "elastic/lsdobserve-filebeat.ilm.policy.k8s.json" | indent 4}} + lsdobserve-filebeat.ilm.policy.lsdo.json: |- +{{ .Files.Get "elastic/lsdobserve-filebeat.ilm.policy.lsdo.json" | indent 4}} + lsdobserve-filebeat.ilm.policy.project.json: |- +{{ .Files.Get "elastic/lsdobserve-filebeat.ilm.policy.project.json" | indent 4}} + lsdobserve-filebeat.template.7.10.2.json: |- +{{ .Files.Get "elastic/lsdobserve-filebeat.template.7.10.2.json" | indent 4}} + lsdobserve-filebeat.template.k8s.json: |- +{{ .Files.Get "elastic/lsdobserve-filebeat.template.k8s.json" | indent 4}} + lsdobserve-filebeat.template.lsdo.json: |- +{{ .Files.Get "elastic/lsdobserve-filebeat.template.lsdo.json" | indent 4}} + lsdobserve-filebeat.template.project.json: |- +{{ .Files.Get "elastic/lsdobserve-filebeat.template.project.json" | indent 4}} --- diff --git a/charts/lsdobserve/templates/elastic.es.yaml b/charts/lsdobserve/templates/elastic.es.yaml index 77c4825..092bf6d 100644 --- a/charts/lsdobserve/templates/elastic.es.yaml +++ b/charts/lsdobserve/templates/elastic.es.yaml @@ -8,7 +8,7 @@ metadata: labels: chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" spec: - version: 7.10.2 + version: "{{ .Values.lsdobserve.elastic.version }}" image: "{{ .Values.lsdobserve.elastic.image }}" nodeSets: - name: default diff --git a/charts/lsdobserve/templates/elastic.filebeat.yaml b/charts/lsdobserve/templates/elastic.filebeat.yaml index 406b531..fc853ff 100644 --- a/charts/lsdobserve/templates/elastic.filebeat.yaml +++ b/charts/lsdobserve/templates/elastic.filebeat.yaml @@ -49,11 +49,14 @@ spec: type: filebeat version: {{ .Values.lsdobserve.elastic.filebeat.version }} image: {{ .Values.lsdobserve.elastic.filebeat.image }} - elasticsearchRef: - name: {{ .Release.Name }} config: filebeat.inputs: - type: container + close_inactive: 4h + multiline: + match: after + negate: false + pattern: '^[[:space:]]+|^Caused by:' paths: - /var/log/containers/*.log processors: @@ -62,6 +65,8 @@ spec: matchers: - logs_path: logs_path: /var/log/containers/ + output.logstash: + hosts: ["lsdobserve-logstash:5044"] daemonSet: podTemplate: spec: diff --git a/charts/lsdobserve/templates/elastic.jobs.yaml b/charts/lsdobserve/templates/elastic.jobs.yaml index a8a1ea4..0cf1a8a 100644 --- a/charts/lsdobserve/templates/elastic.jobs.yaml +++ b/charts/lsdobserve/templates/elastic.jobs.yaml @@ -26,7 +26,7 @@ spec: containers: - args: - -c - - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.ilm.policy.json \"https://lsdobserve-es-http:9200/_ilm/policy/filebeat-lsdobserve\"" + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.ilm.policy.k8s.json \"https://lsdobserve-es-http:9200/_ilm/policy/filebeat-k8s\"" command: - /bin/sh env: @@ -36,13 +36,13 @@ spec: name: lsdobserve-es-elastic-user key: elastic image: {{ .Values.lsdobserve.curl.image }} - name: filebeat-ilm-policy + name: filebeat-ilm-policy-k8s volumeMounts: - mountPath: /opt/elastic/ - name: elastic-filbeat-custom-files + name: elastic-filebeat-custom-files - args: - -c - - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.pipeline.json \"https://lsdobserve-es-http:9200/_ingest/pipeline/filebeat-lsdobserve-basic\"" + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.ilm.policy.lsdo.json \"https://lsdobserve-es-http:9200/_ilm/policy/filebeat-lsdo\"" command: - /bin/sh env: @@ -52,13 +52,29 @@ spec: name: lsdobserve-es-elastic-user key: elastic image: {{ .Values.lsdobserve.curl.image }} - name: filebeat-pipeline + name: filebeat-ilm-policy-lsdo volumeMounts: - mountPath: /opt/elastic/ - name: elastic-filbeat-custom-files + name: elastic-filebeat-custom-files - args: - -c - - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.template.json \"https://lsdobserve-es-http:9200/_template/filebeat-7.10.0-lsdobserve\"" + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.ilm.policy.project.json \"https://lsdobserve-es-http:9200/_ilm/policy/filebeat-project\"" + command: + - /bin/sh + env: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: lsdobserve-es-elastic-user + key: elastic + image: {{ .Values.lsdobserve.curl.image }} + name: filebeat-ilm-policy-project + volumeMounts: + - mountPath: /opt/elastic/ + name: elastic-filebeat-custom-files + - args: + - -c + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.template.7.10.2.json \"https://lsdobserve-es-http:9200/_template/filebeat-7.10.2\"" command: - /bin/sh env: @@ -71,12 +87,108 @@ spec: name: filebeat-template volumeMounts: - mountPath: /opt/elastic/ - name: elastic-filbeat-custom-files + name: elastic-filebeat-custom-files + - args: + - -c + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.template.k8s.json \"https://lsdobserve-es-http:9200/_template/filebeat-k8s\"" + command: + - /bin/sh + env: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: lsdobserve-es-elastic-user + key: elastic + image: {{ .Values.lsdobserve.curl.image }} + name: filebeat-template-k8s + volumeMounts: + - mountPath: /opt/elastic/ + name: elastic-filebeat-custom-files + - args: + - -c + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.template.lsdo.json \"https://lsdobserve-es-http:9200/_template/filebeat-lsdo\"" + command: + - /bin/sh + env: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: lsdobserve-es-elastic-user + key: elastic + image: {{ .Values.lsdobserve.curl.image }} + name: filebeat-template-lsdo + volumeMounts: + - mountPath: /opt/elastic/ + name: elastic-filebeat-custom-files + - args: + - -c + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.template.project.json \"https://lsdobserve-es-http:9200/_template/filebeat-project\"" + command: + - /bin/sh + env: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: lsdobserve-es-elastic-user + key: elastic + image: {{ .Values.lsdobserve.curl.image }} + name: filebeat-template-project + volumeMounts: + - mountPath: /opt/elastic/ + name: elastic-filebeat-custom-files + - args: + - -c + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.bootstrap.k8s.json \"https://lsdobserve-es-http:9200/%3Cfilebeat-7.10.2-k8s-%7Bnow%2Fd%7D-000001%3E\"" + command: + - /bin/sh + env: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: lsdobserve-es-elastic-user + key: elastic + image: {{ .Values.lsdobserve.curl.image }} + name: filebeat-bootstrap-k8s + volumeMounts: + - mountPath: /opt/elastic/ + name: elastic-filebeat-custom-files + - args: + - -c + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.bootstrap.lsdo.json \"https://lsdobserve-es-http:9200/%3Cfilebeat-7.10.2-lsdo-%7Bnow%2Fd%7D-000001%3E\"" + command: + - /bin/sh + env: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: lsdobserve-es-elastic-user + key: elastic + image: {{ .Values.lsdobserve.curl.image }} + name: filebeat-bootstrap-lsdo + volumeMounts: + - mountPath: /opt/elastic/ + name: elastic-filebeat-custom-files + - args: + - -c + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.bootstrap.project.json \"https://lsdobserve-es-http:9200/%3Cfilebeat-7.10.2-project-all-%7Bnow%2Fd%7D-000001%3E\"" + command: + - /bin/sh + env: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: lsdobserve-es-elastic-user + key: elastic + image: {{ .Values.lsdobserve.curl.image }} + name: filebeat-bootstrap-project + volumeMounts: + - mountPath: /opt/elastic/ + name: elastic-filebeat-custom-files restartPolicy: Never volumes: - configMap: defaultMode: 420 - name: elastic-filbeat-custom-files - name: elastic-filbeat-custom-files + name: elastic-filebeat-custom-files + name: elastic-filebeat-custom-files --- {{- end }} diff --git a/charts/lsdobserve/templates/elastic.kibana.yaml b/charts/lsdobserve/templates/elastic.kibana.yaml index 4a6898b..3545ddf 100644 --- a/charts/lsdobserve/templates/elastic.kibana.yaml +++ b/charts/lsdobserve/templates/elastic.kibana.yaml @@ -8,7 +8,7 @@ metadata: labels: chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" spec: - version: 7.10.2 + version: "{{ .Values.lsdobserve.elastic.kibana.version }}" image: "{{ .Values.lsdobserve.elastic.kibana.image }}" count: {{ .Values.lsdobserve.elastic.kibana.count }} elasticsearchRef: diff --git a/charts/lsdobserve/templates/logstash.configmaps.yaml b/charts/lsdobserve/templates/logstash.configmaps.yaml new file mode 100644 index 0000000..d7ca8dd --- /dev/null +++ b/charts/lsdobserve/templates/logstash.configmaps.yaml @@ -0,0 +1,28 @@ +# Logstash ConfigMaps +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: logstash-pipeline +data: + logstash.conf: |- +{{ .Files.Get "logstash/pipeline-logstash.conf" | indent 4}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: logstash-pipeline-lsdobserve +data: + 001-pipeline.conf: |- +{{ .Files.Get "logstash/pipeline-lsdobserve.conf" | indent 4}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: logstash-patterns +data: + lsdobserve-basic: |- +{{ .Files.Get "logstash/patterns-lsdobserve-basic" | indent 4}} + lsdobserve-utility: |- +{{ .Files.Get "logstash/patterns-lsdobserve-utility" | indent 4}} +--- diff --git a/charts/lsdobserve/values.yaml b/charts/lsdobserve/values.yaml index bb7acbf..20444b8 100644 --- a/charts/lsdobserve/values.yaml +++ b/charts/lsdobserve/values.yaml @@ -2,13 +2,18 @@ lsdobserve: # There are your options clusterType: openshift | gke | rancher clusterType: "rancher" - eckOperatorVersion: &anchoreckOperatorVersion "1.3.0" + eckOperatorVersion: &anchoreckOperatorVersion "1.6.0" eckVersion: &anchoreckVersion "7.10.2" + eckElasticsearchImage: &anchoreckElasticsearchImage "docker.elastic.co/elasticsearch/elasticsearch:7.10.2" + eckKibanaImage: &anchoreckKibanaImage "docker.elastic.co/kibana/kibana:7.10.2" + eckApmImage: &anchoreckApmImage "docker.elastic.co/apm/apm-server:7.10.2" + eckFilebeatImage: &anchoreckFilebeatImage "docker.elastic.co/beats/filebeat:7.10.2" + eckMetricbeatImage: &anchoreckMetricbeatImage "docker.elastic.co/beats/metricbeat:7.10.2" elasticClusterSize: &anchorelasticClusterSize "1" kibanaURL: &anchorkibanaURL "kibana.apps.k8s-01.qa.lsdopen.io" logstashJavaOpts: &anchorlogstashJavaOpts "-Xms1g -Xmx1g" grafanaUsername: &anchorgrafanaUsername "admin" - grafanaPassword: &anchorgrafanaPassword "ChangeMe-PassowrdForGrafana" + grafanaPassword: &anchorgrafanaPassword "ChangeMe-PasswordForGrafana" grafanaVersion: &anchorgrafanaVersion "7.5.2" grafanaURL: &anchorgrafanaURL "grafana.apps.k8s-01.qa.lsdopen.io" prometheusRenention: &anchorprometheusRenention "30d" @@ -32,31 +37,32 @@ lsdobserve: url: *anchorgrafanaURL elastic: enabled: true - image: "docker.elastic.co/elasticsearch/elasticsearch:7.10.2" + image: *anchoreckElasticsearchImage + version: *anchoreckVersion count: *anchorelasticClusterSize storage: "50Gi" storageClassName: *anchorstorageClass filebeat: enabled: true - image: "docker.elastic.co/beats/filebeat:7.10.2" + image: *anchoreckFilebeatImage version: *anchoreckVersion ## Metricbeat as a Daemonset to collect metrics from Nodes metricbeat: enabled: false - image: "docker.elastic.co/beats/metricbeat:7.10.2" + image: *anchoreckMetricbeatImage version: *anchoreckVersion ## Metricbeat to connect to Prometheus metricbeatPrometheus: enabled: true - image: "docker.elastic.co/beats/metricbeat:7.10.2" + image: *anchoreckMetricbeatImage version: *anchoreckVersion apm: enabled: false - image: "docker.elastic.co/apm/apm-server:7.10.2" + image: *anchoreckApmImage version: *anchoreckVersion kibana: enabled: true - image: "docker.elastic.co/kibana/kibana:7.10.2" + image: *anchoreckKibanaImage version: *anchoreckVersion count: "1" ingress: @@ -66,7 +72,7 @@ lsdobserve: logstash: image: "docker.elastic.co/logstash/logstash" imageTag: *anchoreckVersion - replicas: "1" + replicas: "0" logstashJavaOpts: *anchorlogstashJavaOpts resources: requests: @@ -84,6 +90,52 @@ logstash: port: 5044 protocol: TCP targetPort: 5044 + logstashPatternDir: "/usr/share/logstash/patterns/" + logstashConfig: + logstash.yml: | + http.host: "0.0.0.0" + monitoring.enabled: true + monitoring.elasticsearch.username: elastic + monitoring.elasticsearch.password: ${ELASTIC_PASSWORD} + monitoring.elasticsearch.hosts: [ "https://lsdobserve-es-http:9200" ] + monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/certs/tls.crt + pipeline.ordered: false + pipelines.yml: | + - pipeline.id: main + path.config: "/usr/share/logstash/pipeline" + - pipeline.id: lsdobserve + path.config: "/usr/share/logstash/pipeline/lsdobserve" + secretMounts: + - name: elastic-ca-certs + secretName: lsdobserve-es-http-ca-internal + path: /usr/share/logstash/certs + defaultMode: 420 + extraEnvs: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: lsdobserve-es-elastic-user + key: elastic + extraVolumes: | + - configMap: + defaultMode: 420 + name: logstash-pipeline + name: logstash-pipeline + - configMap: + defaultMode: 420 + name: logstash-pipeline-lsdobserve + name: logstash-pipeline-lsdobserve + - configMap: + defaultMode: 420 + name: logstash-patterns + name: logstash-patterns + extraVolumeMounts: | + - mountPath: /usr/share/logstash/pipeline + name: logstash-pipeline + - mountPath: /usr/share/logstash/pipeline/lsdobserve + name: logstash-pipeline-lsdobserve + - mountPath: /usr/share/logstash/patterns + name: logstash-patterns # Elastic Operator # To get a latest values you can run: From c438f15f5c69077b83a14248ce4c65071c75d291 Mon Sep 17 00:00:00 2001 From: Neil Maderthaner Date: Wed, 1 Sep 2021 08:30:59 +0200 Subject: [PATCH 03/11] Changed order of Grok patterns --- .../logstash/patterns-lsdobserve-basic | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/lsdobserve/logstash/patterns-lsdobserve-basic b/charts/lsdobserve/logstash/patterns-lsdobserve-basic index ca5a4ff..a765cc9 100644 --- a/charts/lsdobserve/logstash/patterns-lsdobserve-basic +++ b/charts/lsdobserve/logstash/patterns-lsdobserve-basic @@ -6,11 +6,11 @@ LSDO_BASIC_005 ^%{TIMESTAMP_ISO8601} %{NOTSPACE}%{SPACE}\[%{NUMBER}\]: %{LOGLEVE LSDO_BASIC_006 ^%{SYSLOGTIMESTAMP} %{NOTSPACE}%{DATA}%{LOGLEVEL_SINGLECHAR:[log][level]}%{MONTHNUM}%{MONTHDAY} %{TIME}%{SPACE}%{GREEDYDATA:[log][message]}$ LSDO_BASIC_007 ^%{TIME:[@metadata][timestamp]} \|\-%{DATA:[log][level]} %{GREEDYDATA:[log][message]}$ LSDO_BASIC_008 ^%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}%{SPACE}%{SYSLOG5424SD:[log][level]}%{SPACE}%{GREEDYDATA:[log][message]}$ -LSDO_BASIC_009 ^%{SYSLOGBASE2} %{GREEDYDATA:[log][message]}$ -LSDO_BASIC_010 ^%{TIMESTAMP_ISO8601} %{LOGLEVEL_SINGLECHAR:[log][level]} \| %{GREEDYDATA:[log][message]}$ -LSDO_BASIC_011 ^%{MONTH} %{MONTHDAY}, %{YEAR} %{TIME} (AM|PM) %{GREEDYDATA:[log][message]}$ -LSDO_BASIC_012 ^%{LOGLEVEL:[log][level]}%{SPACE}\[%{DATA}\] %{TIMESTAMP_ISO8601} %{GREEDYDATA:[log][message]}$ -LSDO_BASIC_013 ^%{LOGLEVEL_SINGLECHAR:[log][level]}%{MONTHNUM}%{MONTHDAY} %{TIME}%{SPACE}%{BASE10NUM} %{NOTSPACE}\] %{GREEDYDATA:[log][message]}$ -LSDO_BASIC_014 ^%{LOGLEVEL_SINGLECHAR:[log][level]}%{MONTHNUM}%{MONTHDAY} %{TIME}%{SPACE}%{GREEDYDATA:[log][message]}$ -LSDO_BASIC_015 ^\[%{DATA}\] %{DATA:[log][level]} %{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME} %{GREEDYDATA:[log][message]}$ -LSDO_BASIC_016 ^%{LOGLEVEL:[log][level]}[,:]\s+%{GREEDYDATA:[log][message]}$ +LSDO_BASIC_009 ^%{TIMESTAMP_ISO8601} %{LOGLEVEL_SINGLECHAR:[log][level]} \| %{GREEDYDATA:[log][message]}$ +LSDO_BASIC_010 ^%{MONTH} %{MONTHDAY}, %{YEAR} %{TIME} (AM|PM) %{GREEDYDATA:[log][message]}$ +LSDO_BASIC_011 ^%{LOGLEVEL:[log][level]}%{SPACE}\[%{DATA}\] %{TIMESTAMP_ISO8601} %{GREEDYDATA:[log][message]}$ +LSDO_BASIC_012 ^%{LOGLEVEL_SINGLECHAR:[log][level]}%{MONTHNUM}%{MONTHDAY} %{TIME}%{SPACE}%{BASE10NUM} %{NOTSPACE}\] %{GREEDYDATA:[log][message]}$ +LSDO_BASIC_013 ^%{LOGLEVEL_SINGLECHAR:[log][level]}%{MONTHNUM}%{MONTHDAY} %{TIME}%{SPACE}%{GREEDYDATA:[log][message]}$ +LSDO_BASIC_014 ^\[%{DATA}\] %{DATA:[log][level]} %{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME} %{GREEDYDATA:[log][message]}$ +LSDO_BASIC_015 ^%{LOGLEVEL:[log][level]}[,:]\s+%{GREEDYDATA:[log][message]}$ +LSDO_BASIC_016 ^%{SYSLOGBASE2} %{GREEDYDATA:[log][message]}$ From f3c86f41175acbf99faa048d28c069c8c13fa182 Mon Sep 17 00:00:00 2001 From: mark-lsd <62740654+mark-lsd@users.noreply.github.com> Date: Tue, 14 Dec 2021 16:21:27 +0200 Subject: [PATCH 04/11] log4j dns exfil --- charts/lsdobserve/templates/elastic.es.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lsdobserve/templates/elastic.es.yaml b/charts/lsdobserve/templates/elastic.es.yaml index 092bf6d..032c70a 100644 --- a/charts/lsdobserve/templates/elastic.es.yaml +++ b/charts/lsdobserve/templates/elastic.es.yaml @@ -31,7 +31,7 @@ spec: - name: elasticsearch env: - name: ES_JAVA_OPTS - value: -Xms2g -Xmx2g + value: -Xms2g -Xmx2g -Dlog4j2.formatMsgNoLookups=true resources: requests: memory: 4Gi From 6c7e5071785126e866667f08d380ff76f2d4ebf6 Mon Sep 17 00:00:00 2001 From: Seagyn Davis Date: Mon, 31 Jan 2022 10:20:42 +0200 Subject: [PATCH 05/11] bump api versions that are removed in 1.22 --- charts/lsdobserve/Chart.yaml | 2 +- charts/lsdobserve/crds/elastic-crds.yaml | 12 ++++++------ charts/lsdobserve/templates/elastic.kibana.yaml | 2 +- charts/lsdobserve/templates/grafana.yaml | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/lsdobserve/Chart.yaml b/charts/lsdobserve/Chart.yaml index eabebae..0a99dd3 100644 --- a/charts/lsdobserve/Chart.yaml +++ b/charts/lsdobserve/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: lsdobserve -version: "1.0.83" +version: "1.1.0" appVersion: "1.0.2" # Disabling kubeVersion because GKE is dumb # kubeVersion: ">=v1.11.0" diff --git a/charts/lsdobserve/crds/elastic-crds.yaml b/charts/lsdobserve/crds/elastic-crds.yaml index fb0b9f3..45f6821 100644 --- a/charts/lsdobserve/crds/elastic-crds.yaml +++ b/charts/lsdobserve/crds/elastic-crds.yaml @@ -1,6 +1,6 @@ # https://github.com/elastic/cloud-on-k8s/blob/master/config/crds/all-crds.yaml --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: @@ -280,7 +280,7 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: @@ -849,7 +849,7 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: @@ -1151,7 +1151,7 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: @@ -2440,7 +2440,7 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: @@ -2957,7 +2957,7 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/charts/lsdobserve/templates/elastic.kibana.yaml b/charts/lsdobserve/templates/elastic.kibana.yaml index 4a6898b..3a64f6e 100644 --- a/charts/lsdobserve/templates/elastic.kibana.yaml +++ b/charts/lsdobserve/templates/elastic.kibana.yaml @@ -34,7 +34,7 @@ spec: # Kibana Ingress {{- if or (eq .Values.lsdobserve.clusterType "gke") (eq .Values.lsdobserve.clusterType "rancher") -}} --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: diff --git a/charts/lsdobserve/templates/grafana.yaml b/charts/lsdobserve/templates/grafana.yaml index 61b123c..745f1b1 100644 --- a/charts/lsdobserve/templates/grafana.yaml +++ b/charts/lsdobserve/templates/grafana.yaml @@ -86,7 +86,7 @@ metadata: # Grafana Ingress {{- if or (eq .Values.lsdobserve.clusterType "gke") (eq .Values.lsdobserve.clusterType "rancher") -}} --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: From 305fa727275d02a595d159a1ba58dad7d0b0256b Mon Sep 17 00:00:00 2001 From: Seagyn Davis Date: Mon, 31 Jan 2022 10:27:37 +0200 Subject: [PATCH 06/11] update CRD defs --- charts/lsdobserve/crds/elastic-crds.yaml | 10838 +++++++++++++++------ 1 file changed, 7605 insertions(+), 3233 deletions(-) diff --git a/charts/lsdobserve/crds/elastic-crds.yaml b/charts/lsdobserve/crds/elastic-crds.yaml index 45f6821..77958fd 100644 --- a/charts/lsdobserve/crds/elastic-crds.yaml +++ b/charts/lsdobserve/crds/elastic-crds.yaml @@ -1,32 +1,13 @@ -# https://github.com/elastic/cloud-on-k8s/blob/master/config/crds/all-crds.yaml +# https://raw.githubusercontent.com/elastic/cloud-on-k8s/main/config/crds/v1/all-crds.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: agents.agent.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: available - type: integer - - JSONPath: .status.expectedNodes - description: Expected nodes - name: expected - type: integer - - JSONPath: .status.version - description: Agent version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: agent.k8s.elastic.co names: categories: @@ -38,143 +19,237 @@ spec: - agent singular: agent scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Agent is the Schema for the Agents API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AgentSpec defines the desired state of the Agent - properties: - config: - description: Config holds the Agent configuration. At most one of [`Config`, - `ConfigRef`] can be specified. - type: object - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Agent configuration. Agent settings must be specified - as yaml, under a single "agent.yml" entry. At most one of [`Config`, - `ConfigRef`] can be specified. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - daemonSet: - description: DaemonSet specifies the Agent should be deployed as a DaemonSet, - and allows providing its spec. Cannot be used along with `deployment`. - properties: - updateStrategy: - description: DaemonSetUpdateStrategy is a struct used to control - the update strategy for a DaemonSet. + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: available + type: integer + - description: Expected nodes + jsonPath: .status.expectedNodes + name: expected + type: integer + - description: Agent version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Agent is the Schema for the Agents API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AgentSpec defines the desired state of the Agent + properties: + config: + description: Config holds the Agent configuration. At most one of + [`Config`, `ConfigRef`] can be specified. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Agent configuration. Agent settings must be specified + as yaml, under a single "agent.yml" entry. At most one of [`Config`, + `ConfigRef`] can be specified. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + daemonSet: + description: DaemonSet specifies the Agent should be deployed as a + DaemonSet, and allows providing its spec. Cannot be used along with + `deployment`. + properties: + podTemplate: + description: PodTemplateSpec describes the data a pod should have + when created from a template + type: object + x-kubernetes-preserve-unknown-fields: true + updateStrategy: + description: DaemonSetUpdateStrategy is a struct used to control + the update strategy for a DaemonSet. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + type = "RollingUpdate". --- TODO: Update this to follow + our convention for oneOf, whatever we decide it to be. Same + as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of nodes with an existing + available DaemonSet pod that can have an updated DaemonSet + pod during during an update. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up + to a minimum of 1. Default value is 0. Example: when + this is set to 30%, at most 30% of the total number + of nodes that should be running the daemon pod (i.e. + status.desiredNumberScheduled) can have their a new + pod created before the old pod is marked as deleted. + The update starts by launching new pods on 30% of nodes. + Once an updated pod is available (Ready for at least + minReadySeconds) the old DaemonSet pod on that node + is marked deleted. If the old pod becomes unavailable + for any reason (Ready transitions to false, is evicted, + or is drained) an updated pod is immediatedly created + on that node without considering surge limits. Allowing + surge implies the possibility that the resources consumed + by the daemonset on any given node can double if the + readiness check fails, and so resource intensive daemonsets + should take into account that they may cause evictions + during disruption. This is beta field and enabled/disabled + by DaemonSetUpdateSurge feature gate.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of DaemonSet pods that + can be unavailable during the update. Value can be an + absolute number (ex: 5) or a percentage of total number + of DaemonSet pods at the start of the update (ex: 10%). + Absolute number is calculated from percentage by rounding + up. This cannot be 0 if MaxSurge is 0 Default value + is 1. Example: when this is set to 30%, at most 30% + of the total number of nodes that should be running + the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given + time. The update starts by stopping at most 30% of those + DaemonSet pods and then brings up new DaemonSet pods + in their place. Once the new pods are available, it + then proceeds onto other DaemonSet pods, thus ensuring + that at least 70% of original number of DaemonSet pods + are available at all times during the update.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" + or "OnDelete". Default is RollingUpdate. + type: string + type: object + type: object + deployment: + description: Deployment specifies the Agent should be deployed as + a Deployment, and allows providing its spec. Cannot be used along + with `daemonSet`. + properties: + podTemplate: + description: PodTemplateSpec describes the data a pod should have + when created from a template + type: object + x-kubernetes-preserve-unknown-fields: true + replicas: + format: int32 + type: integer + strategy: + description: DeploymentStrategy describes how to replace existing + pods with new ones. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + DeploymentStrategyType = RollingUpdate. --- TODO: Update + this to follow our convention for oneOf, whatever we decide + it to be.' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be scheduled + above the desired number of pods. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. + Defaults to 25%. Example: when this is set to 30%, the + new ReplicaSet can be scaled up immediately when the + rolling update starts, such that the total number of + old and new pods do not exceed 130% of desired pods. + Once old pods have been killed, new ReplicaSet can be + scaled up further, ensuring that total number of pods + running at any time during the update is at most 130% + of desired pods.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired pods (ex: 10%). Absolute + number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet + can be scaled down to 70% of desired pods immediately + when the rolling update starts. Once new pods are ready, + old ReplicaSet can be scaled down further, followed + by scaling up the new ReplicaSet, ensuring that the + total number of pods available at all times during the + update is at least 70% of desired pods.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Can be "Recreate" or "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + type: object + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of Elasticsearch + clusters running in the same Kubernetes cluster. Due to existing + limitations, only a single ES cluster is currently supported. + items: properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - type = "RollingUpdate". --- TODO: Update this to follow our - convention for oneOf, whatever we decide it to be. Same as - Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of DaemonSet pods that - can be unavailable during the update. Value can be an - absolute number (ex: 5) or a percentage of total number - of DaemonSet pods at the start of the update (ex: 10%). - Absolute number is calculated from percentage by rounding - up. This cannot be 0. Default value is 1. Example: when - this is set to 30%, at most 30% of the total number of - nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given - time. The update starts by stopping at most 30% of those - DaemonSet pods and then brings up new DaemonSet pods in - their place. Once the new pods are available, it then - proceeds onto other DaemonSet pods, thus ensuring that - at least 70% of original number of DaemonSet pods are - available at all times during the update.' - type: object - type: - description: Type of daemon set update. Can be "RollingUpdate" - or "OnDelete". Default is RollingUpdate. + name: + description: Name of the Kubernetes object. type: string - type: object - type: object - deployment: - description: Deployment specifies the Agent should be deployed as a - Deployment, and allows providing its spec. Cannot be used along with - `daemonSet`. - properties: - replicas: - format: int32 - type: integer - strategy: - description: DeploymentStrategy describes how to replace existing - pods with new ones. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - DeploymentStrategyType = RollingUpdate. --- TODO: Update this - to follow our convention for oneOf, whatever we decide it - to be.' - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be scheduled - above the desired number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. Absolute number - is calculated from percentage by rounding up. Defaults - to 25%. Example: when this is set to 30%, the new ReplicaSet - can be scaled up immediately when the rolling update starts, - such that the total number of old and new pods do not - exceed 130% of desired pods. Once old pods have been killed, - new ReplicaSet can be scaled up further, ensuring that - total number of pods running at any time during the update - is at most 130% of desired pods.' - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be unavailable - during the update. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). Absolute - number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: - when this is set to 30%, the old ReplicaSet can be scaled - down to 70% of desired pods immediately when the rolling - update starts. Once new pods are ready, old ReplicaSet - can be scaled down further, followed by scaling up the - new ReplicaSet, ensuring that the total number of pods - available at all times during the update is at least 70% - of desired pods.' - type: object - type: - description: Type of deployment. Can be "Recreate" or "RollingUpdate". - Default is RollingUpdate. + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + outputName: + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced + resource is used. type: string + required: + - name type: object - type: object - elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of Elasticsearch - clusters running in the same Kubernetes cluster. Due to existing limitations, - only a single ES cluster is currently supported. - items: + type: array + fleetServerEnabled: + description: FleetServerEnabled determines whether this Agent will + launch Fleet Server. Don't set unless `mode` is set to `fleet`. + type: boolean + fleetServerRef: + description: FleetServerRef is a reference to Fleet Server that this + Agent should connect to to obtain it's configuration. Don't set + unless `mode` is set to `fleet`. properties: name: description: Name of the Kubernetes object. @@ -183,96 +258,546 @@ spec: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string - outputName: + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. type: string required: - name type: object - type: array - image: - description: Image is the Agent Docker image to deploy. Version has - to match the Agent in the image. - type: string - secureSettings: - description: SecureSettings is a list of references to Kubernetes Secrets - containing sensitive configuration options for the Agent. Secrets - data can be then referenced in the Agent config using the Secret's - keys or as specified in `Entries` field of each SecureSetting. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + http: + description: HTTP holds the HTTP layer configuration for the Agent + in Fleet mode with Fleet Server enabled. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Agent Docker image to deploy. Version has + to match the Agent in the image. + type: string + kibanaRef: + description: KibanaRef is a reference to Kibana where Fleet should + be set up and this Agent should be enrolled. Don't set unless `mode` + is set to `fleet`. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. type: string required: - - secretName + - name + type: object + mode: + description: Mode specifies the source of configuration for the Agent. + The configuration can be specified locally through `config` or `configRef` + (`standalone` mode), or come from Fleet during runtime (`fleet` + mode). Defaults to `standalone` mode. + enum: + - standalone + - fleet + type: string + secureSettings: + description: SecureSettings is a list of references to Kubernetes + Secrets containing sensitive configuration options for the Agent. + Secrets data can be then referenced in the Agent config using the + Secret's keys or as specified in `Entries` field of each SecureSetting. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to an Elasticsearch resource in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of the Agent. + type: string + required: + - version + type: object + status: + description: AgentStatus defines the observed state of the Agent + properties: + availableNodes: + format: int32 + type: integer + elasticsearchAssociationsStatus: + additionalProperties: + description: AssociationStatus is the status of an association resource. + type: string + description: AssociationStatusMap is the map of association's namespaced + name string to its AssociationStatus. For resources that have a + single Association of a given type (for ex. single ES reference), + this map contains a single entry. type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a Elasticsearch resource in a different namespace. Can - only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of the Agent. - type: string - required: - - version - type: object - status: - description: AgentStatus defines the observed state of the Agent - properties: - availableNodes: - format: int32 - type: integer - elasticsearchAssociationsStatus: - additionalProperties: + expectedNodes: + format: int32 + type: integer + fleetServerAssociationStatus: description: AssociationStatus is the status of an association resource. type: string - description: AssociationStatusMap is the map of association's namespaced - name string to its AssociationStatus. For resources that have a single - Association of a given type (eg. single ES reference), this map will - contain a single entry. - type: object - expectedNodes: - format: int32 - type: integer - health: - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1alpha1 - versions: - - name: v1alpha1 + health: + type: string + kibanaAssociationStatus: + description: AssociationStatus is the status of an association resource. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -284,25 +809,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: apmservers.apm.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: APM version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: apm.k8s.elastic.co names: categories: @@ -314,572 +824,1174 @@ spec: - apm singular: apmserver scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: ApmServer represents an APM Server resource in a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ApmServerSpec holds the specification of an APM Server. - properties: - config: - description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' - type: object - count: - description: Count of APM Server instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to the output Elasticsearch - cluster running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for the APM Server - resource. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: APM version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + schema: + openAPIV3Schema: + description: ApmServer represents an APM Server resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApmServerSpec holds the specification of an APM Server. + properties: + config: + description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of APM Server instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the output Elasticsearch + cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for the APM Server + resource. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. format: int32 type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object type: object - type: array - type: object - type: object - type: object - image: - description: Image is the APM Server Docker image to deploy. - type: string - kibanaRef: - description: KibanaRef is a reference to a Kibana instance running in - the same Kubernetes cluster. It allows APM agent central configuration - management in Kibana. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - required: - - name - type: object - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the APM Server pods. - type: object - secureSettings: - description: SecureSettings is a list of references to Kubernetes secrets - containing sensitive configuration options for APM Server. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the APM Server Docker image to deploy. + type: string + kibanaRef: + description: KibanaRef is a reference to a Kibana instance running + in the same Kubernetes cluster. It allows APM agent central configuration + management in Kibana. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. type: string required: - - secretName + - name type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of the APM Server. - type: string - required: - - version - type: object - status: - description: ApmServerStatus defines the observed state of ApmServer - properties: - availableNodes: - description: AvailableNodes is the number of available replicas in the - deployment. - format: int32 - type: integer - elasticsearchAssociationStatus: - description: ElasticsearchAssociationStatus is the status of any auto-linking - to Elasticsearch clusters. - type: string - health: - description: Health of the deployment. - type: string - kibanaAssociationStatus: - description: KibanaAssociationStatus is the status of any auto-linking - to Kibana. - type: string - secretTokenSecret: - description: SecretTokenSecretName is the name of the Secret that contains - the secret token - type: string - service: - description: ExternalService is the name of the service the agents should - connect to. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1 - versions: - - name: v1 + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the APM Server + pods. + type: object + x-kubernetes-preserve-unknown-fields: true + secureSettings: + description: SecureSettings is a list of references to Kubernetes + secrets containing sensitive configuration options for APM Server. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of the APM Server. + type: string + required: + - version + type: object + status: + description: ApmServerStatus defines the observed state of ApmServer + properties: + availableNodes: + description: AvailableNodes is the number of available replicas in + the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is + the actual number of observed instances of the scaled object. + format: int32 + type: integer + elasticsearchAssociationStatus: + description: ElasticsearchAssociationStatus is the status of any auto-linking + to Elasticsearch clusters. + type: string + health: + description: Health of the deployment. + type: string + kibanaAssociationStatus: + description: KibanaAssociationStatus is the status of any auto-linking + to Kibana. + type: string + secretTokenSecret: + description: SecretTokenSecretName is the name of the Secret that + contains the secret token + type: string + selector: + description: Selector is the label selector used to find all pods. + type: string + service: + description: ExternalService is the name of the service the agents + should connect to. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true - - name: v1beta1 - served: true - storage: false - - name: v1alpha1 - served: false - storage: false -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.count + status: {} + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: APM version + jsonPath: .spec.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ApmServer represents an APM Server resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApmServerSpec holds the specification of an APM Server. + properties: + config: + description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of APM Server instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the output Elasticsearch + cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for the APM Server + resource. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the APM Server Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the APM Server + pods. + type: object + x-kubernetes-preserve-unknown-fields: true + secureSettings: + description: SecureSettings is a list of references to Kubernetes + secrets containing sensitive configuration options for APM Server. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + version: + description: Version of the APM Server. + type: string + type: object + status: + description: ApmServerStatus defines the observed state of ApmServer + properties: + associationStatus: + description: Association is the status of any auto-linking to Elasticsearch + clusters. + type: string + availableNodes: + format: int32 + type: integer + health: + description: ApmServerHealth expresses the status of the Apm Server + instances. + type: string + secretTokenSecret: + description: SecretTokenSecretName is the name of the Secret that + contains the secret token + type: string + service: + description: ExternalService is the name of the service the agents + should connect to. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: to not break compatibility when upgrading from previous versions + of the CRD + type: object + served: false + storage: false +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: beats.beat.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: available - type: integer - - JSONPath: .status.expectedNodes - description: Expected nodes - name: expected - type: integer - - JSONPath: .spec.type - description: Beat type - name: type - type: string - - JSONPath: .status.version - description: Beat version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: beat.k8s.elastic.co names: categories: @@ -891,259 +2003,341 @@ spec: - beat singular: beat scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Beat is the Schema for the Beats API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BeatSpec defines the desired state of a Beat. - properties: - config: - description: Config holds the Beat configuration. At most one of [`Config`, - `ConfigRef`] can be specified. - type: object - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Beat configuration. Beat settings must be specified - as yaml, under a single "beat.yml" entry. At most one of [`Config`, - `ConfigRef`] can be specified. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - daemonSet: - description: DaemonSet specifies the Beat should be deployed as a DaemonSet, - and allows providing its spec. Cannot be used along with `deployment`. - If both are absent a default for the Type is used. - properties: - updateStrategy: - description: DaemonSetUpdateStrategy is a struct used to control - the update strategy for a DaemonSet. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - type = "RollingUpdate". --- TODO: Update this to follow our - convention for oneOf, whatever we decide it to be. Same as - Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of DaemonSet pods that - can be unavailable during the update. Value can be an - absolute number (ex: 5) or a percentage of total number - of DaemonSet pods at the start of the update (ex: 10%). - Absolute number is calculated from percentage by rounding - up. This cannot be 0. Default value is 1. Example: when - this is set to 30%, at most 30% of the total number of - nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given - time. The update starts by stopping at most 30% of those - DaemonSet pods and then brings up new DaemonSet pods in - their place. Once the new pods are available, it then - proceeds onto other DaemonSet pods, thus ensuring that - at least 70% of original number of DaemonSet pods are - available at all times during the update.' - type: object - type: - description: Type of daemon set update. Can be "RollingUpdate" - or "OnDelete". Default is RollingUpdate. - type: string - type: object - type: object - deployment: - description: Deployment specifies the Beat should be deployed as a Deployment, - and allows providing its spec. Cannot be used along with `daemonSet`. - If both are absent a default for the Type is used. - properties: - replicas: - format: int32 - type: integer - strategy: - description: DeploymentStrategy describes how to replace existing - pods with new ones. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - DeploymentStrategyType = RollingUpdate. --- TODO: Update this - to follow our convention for oneOf, whatever we decide it - to be.' - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be scheduled - above the desired number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. Absolute number - is calculated from percentage by rounding up. Defaults - to 25%. Example: when this is set to 30%, the new ReplicaSet - can be scaled up immediately when the rolling update starts, - such that the total number of old and new pods do not - exceed 130% of desired pods. Once old pods have been killed, - new ReplicaSet can be scaled up further, ensuring that - total number of pods running at any time during the update - is at most 130% of desired pods.' - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be unavailable - during the update. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). Absolute - number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: - when this is set to 30%, the old ReplicaSet can be scaled - down to 70% of desired pods immediately when the rolling - update starts. Once new pods are ready, old ReplicaSet - can be scaled down further, followed by scaling up the - new ReplicaSet, ensuring that the total number of pods - available at all times during the update is at least 70% - of desired pods.' - type: object - type: - description: Type of deployment. Can be "Recreate" or "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - type: object - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - required: - - name - type: object - image: - description: Image is the Beat Docker image to deploy. Version and Type - have to match the Beat in the image. - type: string - kibanaRef: - description: KibanaRef is a reference to a Kibana instance running in - the same Kubernetes cluster. It allows automatic setup of dashboards - and visualizations. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - required: - - name - type: object - secureSettings: - description: SecureSettings is a list of references to Kubernetes Secrets - containing sensitive configuration options for the Beat. Secrets data - can be then referenced in the Beat config using the Secret's keys - or as specified in `Entries` field of each SecureSetting. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: available + type: integer + - description: Expected nodes + jsonPath: .status.expectedNodes + name: expected + type: integer + - description: Beat type + jsonPath: .spec.type + name: type + type: string + - description: Beat version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Beat is the Schema for the Beats API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BeatSpec defines the desired state of a Beat. + properties: + config: + description: Config holds the Beat configuration. At most one of [`Config`, + `ConfigRef`] can be specified. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Beat configuration. Beat settings must be specified + as yaml, under a single "beat.yml" entry. At most one of [`Config`, + `ConfigRef`] can be specified. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array secretName: description: SecretName is the name of the secret. type: string + type: object + daemonSet: + description: DaemonSet specifies the Beat should be deployed as a + DaemonSet, and allows providing its spec. Cannot be used along with + `deployment`. If both are absent a default for the Type is used. + properties: + podTemplate: + description: PodTemplateSpec describes the data a pod should have + when created from a template + type: object + x-kubernetes-preserve-unknown-fields: true + updateStrategy: + description: DaemonSetUpdateStrategy is a struct used to control + the update strategy for a DaemonSet. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + type = "RollingUpdate". --- TODO: Update this to follow + our convention for oneOf, whatever we decide it to be. Same + as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of nodes with an existing + available DaemonSet pod that can have an updated DaemonSet + pod during during an update. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up + to a minimum of 1. Default value is 0. Example: when + this is set to 30%, at most 30% of the total number + of nodes that should be running the daemon pod (i.e. + status.desiredNumberScheduled) can have their a new + pod created before the old pod is marked as deleted. + The update starts by launching new pods on 30% of nodes. + Once an updated pod is available (Ready for at least + minReadySeconds) the old DaemonSet pod on that node + is marked deleted. If the old pod becomes unavailable + for any reason (Ready transitions to false, is evicted, + or is drained) an updated pod is immediatedly created + on that node without considering surge limits. Allowing + surge implies the possibility that the resources consumed + by the daemonset on any given node can double if the + readiness check fails, and so resource intensive daemonsets + should take into account that they may cause evictions + during disruption. This is beta field and enabled/disabled + by DaemonSetUpdateSurge feature gate.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of DaemonSet pods that + can be unavailable during the update. Value can be an + absolute number (ex: 5) or a percentage of total number + of DaemonSet pods at the start of the update (ex: 10%). + Absolute number is calculated from percentage by rounding + up. This cannot be 0 if MaxSurge is 0 Default value + is 1. Example: when this is set to 30%, at most 30% + of the total number of nodes that should be running + the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given + time. The update starts by stopping at most 30% of those + DaemonSet pods and then brings up new DaemonSet pods + in their place. Once the new pods are available, it + then proceeds onto other DaemonSet pods, thus ensuring + that at least 70% of original number of DaemonSet pods + are available at all times during the update.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" + or "OnDelete". Default is RollingUpdate. + type: string + type: object + type: object + deployment: + description: Deployment specifies the Beat should be deployed as a + Deployment, and allows providing its spec. Cannot be used along + with `daemonSet`. If both are absent a default for the Type is used. + properties: + podTemplate: + description: PodTemplateSpec describes the data a pod should have + when created from a template + type: object + x-kubernetes-preserve-unknown-fields: true + replicas: + format: int32 + type: integer + strategy: + description: DeploymentStrategy describes how to replace existing + pods with new ones. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + DeploymentStrategyType = RollingUpdate. --- TODO: Update + this to follow our convention for oneOf, whatever we decide + it to be.' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be scheduled + above the desired number of pods. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. + Defaults to 25%. Example: when this is set to 30%, the + new ReplicaSet can be scaled up immediately when the + rolling update starts, such that the total number of + old and new pods do not exceed 130% of desired pods. + Once old pods have been killed, new ReplicaSet can be + scaled up further, ensuring that total number of pods + running at any time during the update is at most 130% + of desired pods.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired pods (ex: 10%). Absolute + number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet + can be scaled down to 70% of desired pods immediately + when the rolling update starts. Once new pods are ready, + old ReplicaSet can be scaled down further, followed + by scaling up the new ReplicaSet, ensuring that the + total number of pods available at all times during the + update is at least 70% of desired pods.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Can be "Recreate" or "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + type: object + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string required: - - secretName + - name type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to Elasticsearch resource in a different namespace. Can only - be used if ECK is enforcing RBAC on references. - type: string - type: - description: Type is the type of the Beat to deploy (filebeat, metricbeat, - heartbeat, auditbeat, journalbeat, packetbeat, etc.). Any string can - be used, but well-known types will have the image field defaulted - and have the appropriate Elasticsearch roles created automatically. - It also allows for dashboard setup when combined with a `KibanaRef`. - maxLength: 20 - pattern: '[a-zA-Z0-9-]+' - type: string - version: - description: Version of the Beat. - type: string - required: - - type - - version - type: object - status: - description: BeatStatus defines the observed state of a Beat. - properties: - availableNodes: - format: int32 - type: integer - elasticsearchAssociationStatus: - description: AssociationStatus is the status of an association resource. - type: string - expectedNodes: - format: int32 - type: integer - health: - type: string - kibanaAssociationStatus: - description: AssociationStatus is the status of an association resource. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1beta1 - versions: - - name: v1beta1 + image: + description: Image is the Beat Docker image to deploy. Version and + Type have to match the Beat in the image. + type: string + kibanaRef: + description: KibanaRef is a reference to a Kibana instance running + in the same Kubernetes cluster. It allows automatic setup of dashboards + and visualizations. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + secureSettings: + description: SecureSettings is a list of references to Kubernetes + Secrets containing sensitive configuration options for the Beat. + Secrets data can be then referenced in the Beat config using the + Secret's keys or as specified in `Entries` field of each SecureSetting. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to Elasticsearch resource in a different namespace. Can + only be used if ECK is enforcing RBAC on references. + type: string + type: + description: Type is the type of the Beat to deploy (filebeat, metricbeat, + heartbeat, auditbeat, journalbeat, packetbeat, etc.). Any string + can be used, but well-known types will have the image field defaulted + and have the appropriate Elasticsearch roles created automatically. + It also allows for dashboard setup when combined with a `KibanaRef`. + maxLength: 20 + pattern: '[a-zA-Z0-9-]+' + type: string + version: + description: Version of the Beat. + type: string + required: + - type + - version + type: object + status: + description: BeatStatus defines the observed state of a Beat. + properties: + availableNodes: + format: int32 + type: integer + elasticsearchAssociationStatus: + description: AssociationStatus is the status of an association resource. + type: string + expectedNodes: + format: int32 + type: integer + health: + type: string + kibanaAssociationStatus: + description: AssociationStatus is the status of an association resource. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -1155,1282 +2349,3161 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null - name: elasticsearches.elasticsearch.k8s.elastic.co + name: elasticmapsservers.maps.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: Elasticsearch version - name: version - type: string - - JSONPath: .status.phase - name: phase - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date - group: elasticsearch.k8s.elastic.co + group: maps.k8s.elastic.co names: categories: - elastic - kind: Elasticsearch - listKind: ElasticsearchList - plural: elasticsearches + kind: ElasticMapsServer + listKind: ElasticMapsServerList + plural: elasticmapsservers shortNames: - - es - singular: elasticsearch + - ems + singular: elasticmapsserver scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Elasticsearch represents an Elasticsearch resource in a Kubernetes - cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ElasticsearchSpec holds the specification of an Elasticsearch - cluster. - properties: - auth: - description: Auth contains user authentication and authorization security - settings for Elasticsearch. - properties: - fileRealm: - description: FileRealm to propagate to the Elasticsearch cluster. - items: - description: FileRealmSource references users to create in the - Elasticsearch cluster. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - type: array - roles: - description: Roles to propagate to the Elasticsearch cluster. - items: - description: RoleSource references roles to create in the Elasticsearch - cluster. + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: ElasticMapsServer version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ElasticMapsServer represents an Elastic Map Server resource in + a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MapsSpec holds the specification of an Elastic Maps Server + instance. + properties: + config: + description: 'Config holds the ElasticMapsServer configuration. See: + https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#elastic-maps-server-configuration' + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Elastic Maps Server configuration. Configuration + settings are merged and have precedence over settings specified + in `config`. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + description: Count of Elastic Maps Server instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Elastic Maps + Server. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - type: array - type: object - http: - description: HTTP holds HTTP layer settings for Elasticsearch. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' format: int32 type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Elasticsearch Docker image to deploy. - type: string - nodeSets: - description: NodeSets allow specifying groups of Elasticsearch nodes - sharing the same configuration and Pod templates. - items: - description: NodeSet is the specification for a group of Elasticsearch - nodes sharing the same configuration and a Pod template. - properties: - config: - description: Config holds the Elasticsearch configuration. + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object type: object - count: - description: Count of Elasticsearch nodes to deploy. If the node - set is managed by an autoscaling policy the initial value is - automatically set by the autoscaling controller. - format: int32 - type: integer - name: - description: Name of this set of nodes. Becomes a part of the - Elasticsearch node.name setting. - maxLength: 23 - pattern: '[a-zA-Z0-9-]+' - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, - annotations, affinity rules, resource requests, and so on) for - the Pods belonging to this NodeSet. + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object type: object - volumeClaimTemplates: - description: VolumeClaimTemplates is a list of persistent volume - claims to be used by each Pod in this NodeSet. Every claim in - this list must have a matching volumeMount in one of the containers - defined in the PodTemplate. Items defined here take precedence - over any default claims added by the operator with the same - name. + type: object + image: + description: Image is the Elastic Maps Server Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Elastic Maps + Server pods + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Elastic Maps Server. + type: string + required: + - version + type: object + status: + description: MapsStatus defines the observed state of Elastic Maps Server + properties: + associationStatus: + description: AssociationStatus is the status of an association resource. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in + the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is + the actual number of observed instances of the scaled object. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + selector: + description: Selector is the label selector used to find all pods. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.count + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: elasticsearches.elasticsearch.k8s.elastic.co +spec: + group: elasticsearch.k8s.elastic.co + names: + categories: + - elastic + kind: Elasticsearch + listKind: ElasticsearchList + plural: elasticsearches + shortNames: + - es + singular: elasticsearch + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Elasticsearch version + jsonPath: .status.version + name: version + type: string + - jsonPath: .status.phase + name: phase + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Elasticsearch represents an Elasticsearch resource in a Kubernetes + cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ElasticsearchSpec holds the specification of an Elasticsearch + cluster. + properties: + auth: + description: Auth contains user authentication and authorization security + settings for Elasticsearch. + properties: + fileRealm: + description: FileRealm to propagate to the Elasticsearch cluster. items: - description: PersistentVolumeClaim is a user's request for and - claim to a persistent volume + description: FileRealmSource references users to create in the + Elasticsearch cluster. properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + secretName: + description: SecretName is the name of the secret. type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: object + type: array + roles: + description: Roles to propagate to the Elasticsearch cluster. + items: + description: RoleSource references roles to create in the Elasticsearch + cluster. + properties: + secretName: + description: SecretName is the name of the secret. type: string - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: - description: 'Spec defines the desired characteristics of - a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'AccessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) * An existing - custom resource that implements data population (Alpha) - In order to use custom resource types that implement - data population, the AnyVolumeDataSource feature gate - must be enabled. If the provisioner or an external - controller can support the specified data source, - it will create a new volume based on the contents - of the specified data source.' + type: object + type: array + type: object + http: + description: HTTP holds HTTP layer settings for Elasticsearch. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. type: string name: - description: Name is the name of resource being - referenced + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true required: - - kind - - name + - port type: object - resources: - description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string type: object - selector: - description: A label query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: + type: array + type: object + type: object + type: object + image: + description: Image is the Elasticsearch Docker image to deploy. + type: string + monitoring: + description: Monitoring enables you to collect and ship log and monitoring + data of this Elasticsearch cluster. See https://www.elastic.co/guide/en/elasticsearch/reference/current/monitor-elasticsearch-cluster.html. + Metricbeat and Filebeat are deployed in the same Pod as sidecars + and each one sends data to one or two different Elasticsearch monitoring + clusters running in the same Kubernetes cluster. + properties: + logs: + description: Logs holds references to Elasticsearch clusters which + receive log data from this Elasticsearch cluster. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of + monitoring Elasticsearch clusters running in the same Kubernetes + cluster. Due to existing limitations, only a single Elasticsearch + cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes + object. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If + empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing + Kubernetes service which is used to make requests + to the referenced object. It has to be in the same + namespace as the referenced resource. If left empty, + the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + type: array + type: object + metrics: + description: Metrics holds references to Elasticsearch clusters + which receive monitoring data from this Elasticsearch cluster. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of + monitoring Elasticsearch clusters running in the same Kubernetes + cluster. Due to existing limitations, only a single Elasticsearch + cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes + object. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If + empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing + Kubernetes service which is used to make requests + to the referenced object. It has to be in the same + namespace as the referenced resource. If left empty, + the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + type: array + type: object + type: object + nodeSets: + description: NodeSets allow specifying groups of Elasticsearch nodes + sharing the same configuration and Pod templates. + items: + description: NodeSet is the specification for a group of Elasticsearch + nodes sharing the same configuration and a Pod template. + properties: + config: + description: Config holds the Elasticsearch configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of Elasticsearch nodes to deploy. If the + node set is managed by an autoscaling policy the initial value + is automatically set by the autoscaling controller. + format: int32 + type: integer + name: + description: Name of this set of nodes. Becomes a part of the + Elasticsearch node.name setting. + maxLength: 23 + pattern: '[a-zA-Z0-9-]+' + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, + annotations, affinity rules, resource requests, and so on) + for the Pods belonging to this NodeSet. + type: object + x-kubernetes-preserve-unknown-fields: true + volumeClaimTemplates: + description: VolumeClaimTemplates is a list of persistent volume + claims to be used by each Pod in this NodeSet. Every claim + in this list must have a matching volumeMount in one of the + containers defined in the PodTemplate. Items defined here + take precedence over any default claims added by the operator + with the same name. + items: + description: PersistentVolumeClaim is a user's request for + and claim to a persistent volume + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'Spec defines the desired characteristics + of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified data + source. If the AnyVolumeDataSource feature gate + is enabled, this field will always have the same + contents as the DataSourceRef field.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which to populate + the volume with data, if a non-empty volume is desired. + This may be any local object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the DataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, both fields (DataSource + and DataSourceRef) will be set to the same value + automatically if one of them is empty and the other + is non-empty. There are two important differences + between DataSource and DataSourceRef: * While DataSource + only allows two specific types of objects, DataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed values + (dropping them), DataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. (Alpha) Using this field requires the + AnyVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. type: string - type: array - required: - - key - - operator + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + type: object + storageClassName: + description: 'Name of the StorageClass required by + the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is + implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access + modes the volume backing the PVC has. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: The storage resource within AllocatedResources + tracks the capacity allocated to a PVC. It may be + larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume + expansion capacity request is lowered, allocatedResources + is only lowered if there are no expansion operations + in progress and if the actual volume capacity is + equal or lower than the requested capacity. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the + underlying volume. + type: object + conditions: + description: Current Condition of persistent volume + claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails + details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating + details about last transition. + type: string + reason: + description: Unique, this should be a short, + machine understandable string that gives the + reason for condition's last transition. If + it reports "ResizeStarted" that means the + underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type type: object + type: array + phase: + description: Phase represents the current phase of + PersistentVolumeClaim. + type: string + resizeStatus: + description: ResizeStatus stores status of resize + operation. ResizeStatus is not set by default but + when expansion is complete resizeStatus is set to + empty string by resize controller or kubelet. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: string + type: object + type: object + type: array + required: + - name + type: object + minItems: 1 + type: array + podDisruptionBudget: + description: PodDisruptionBudget provides access to the default pod + disruption budget for the Elasticsearch cluster. The default budget + selects all cluster pods and sets `maxUnavailable` to 1. To disable, + set `PodDisruptionBudget` to the empty value (`{}` in YAML). + properties: + metadata: + description: ObjectMeta is the metadata of the PDB. The name and + namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the PDB. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at most "maxUnavailable" + pods selected by "selector" are unavailable after the eviction, + i.e. even in absence of the evicted pod. For example, one + can prevent all voluntary evictions by specifying 0. This + is a mutually exclusive setting with "minAvailable". + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at least "minAvailable" + pods selected by "selector" will still be available after + the eviction, i.e. even in the absence of the evicted pod. So + for example you can prevent all voluntary evictions by specifying + "100%". + x-kubernetes-int-or-string: true + selector: + description: Label query over pods whose evictions are managed + by the disruption budget. A null selector selects no pods. + An empty selector ({}) also selects no pods, which differs + from standard behavior of selecting all pods. In policy/v1, + an empty selector will select all pods in the namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator type: object - storageClassName: - description: 'Name of the StorageClass required by the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: array + matchLabels: + additionalProperties: type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is implied - when not included in claim spec. + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: object + type: object + remoteClusters: + description: RemoteClusters enables you to establish uni-directional + connections to a remote Elasticsearch cluster. + items: + description: RemoteCluster declares a remote Elasticsearch cluster + connection. + properties: + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch + cluster running within the same k8s cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, + defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced + object. It has to be in the same namespace as the referenced + resource. If left empty, the default HTTP service of the + referenced resource is used. + type: string + required: + - name + type: object + name: + description: Name is the name of the remote cluster as it is + set in the Elasticsearch settings. The name is expected to + be unique for each remote clusters. + minLength: 1 + type: string + required: + - name + type: object + type: array + secureSettings: + description: SecureSettings is a list of references to Kubernetes + secrets containing sensitive configuration options for Elasticsearch. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. a remote Elasticsearch cluster) in a + different namespace. Can only be used if ECK is enforcing RBAC on + references. + type: string + transport: + description: Transport holds transport layer settings for Elasticsearch. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: type: string - volumeName: - description: VolumeName is the binding reference to - the PersistentVolume backing this claim. + type: object + finalizers: + items: type: string - type: object - status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS on the transport + layer. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the CA certificate and private key for generating + node certificates. The referenced secret should contain + the following: \n - `ca.crt`: The CA certificate in PEM + format. - `ca.key`: The private key for the CA certificate + in PEM format." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + otherNameSuffix: + description: 'OtherNameSuffix when defined will be prefixed + with the Pod name and used as the common name, and the first + DNSName, as well as an OtherName required by Elasticsearch + in the Subject Alternative Name extension of each Elasticsearch + node''s transport TLS certificate. Example: if set to "node.cluster.local", + the generated certificate will have its otherName set to + ".node.cluster.local".' + type: string + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to + include in the generated node transport TLS certificates. + items: + description: SubjectAlternativeName represents a SAN entry + in a x509 certificate. properties: - accessModes: - description: 'AccessModes contains the actual access - modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - description: Represents the actual resources of the - underlying volume. + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + updateStrategy: + description: UpdateStrategy specifies how updates to the cluster should + be performed. + properties: + changeBudget: + description: ChangeBudget defines the constraints to consider + when applying changes to the Elasticsearch cluster. + properties: + maxSurge: + description: MaxSurge is the maximum number of new pods that + can be created exceeding the original number of pods defined + in the specification. MaxSurge is only taken into consideration + when scaling up. Setting a negative value will disable the + restriction. Defaults to unbounded if not specified. + format: int32 + type: integer + maxUnavailable: + description: MaxUnavailable is the maximum number of pods + that can be unavailable (not ready) during the update due + to circumstances under the control of the operator. Setting + a negative value will disable this restriction. Defaults + to 1 if not specified. + format: int32 + type: integer + type: object + type: object + version: + description: Version of Elasticsearch. + type: string + volumeClaimDeletePolicy: + description: VolumeClaimDeletePolicy sets the policy for handling + deletion of PersistentVolumeClaims for all NodeSets. Possible values + are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion. + Defaults to DeleteOnScaledownAndClusterDeletion. + enum: + - DeleteOnScaledownOnly + - DeleteOnScaledownAndClusterDeletion + type: string + required: + - nodeSets + - version + type: object + status: + description: ElasticsearchStatus defines the observed state of Elasticsearch + properties: + availableNodes: + description: AvailableNodes is the number of available instances. + format: int32 + type: integer + health: + description: ElasticsearchHealth is the health of the cluster as returned + by the health API. + type: string + monitoringAssociationStatus: + additionalProperties: + description: AssociationStatus is the status of an association resource. + type: string + description: AssociationStatusMap is the map of association's namespaced + name string to its AssociationStatus. For resources that have a + single Association of a given type (for ex. single ES reference), + this map contains a single entry. + type: object + phase: + description: ElasticsearchOrchestrationPhase is the phase Elasticsearch + is in from the controller point of view. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Elasticsearch version + jsonPath: .spec.version + name: version + type: string + - jsonPath: .status.phase + name: phase + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Elasticsearch represents an Elasticsearch resource in a Kubernetes + cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ElasticsearchSpec holds the specification of an Elasticsearch + cluster. + properties: + http: + description: HTTP holds HTTP layer settings for Elasticsearch. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - conditions: - description: Current Condition of persistent volume - claim. If underlying persistent volume is being resized - then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails - details about state of pvc + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Elasticsearch Docker image to deploy. + type: string + nodeSets: + description: NodeSets allow specifying groups of Elasticsearch nodes + sharing the same configuration and Pod templates. + items: + description: NodeSet is the specification for a group of Elasticsearch + nodes sharing the same configuration and a Pod template. + properties: + config: + description: Config holds the Elasticsearch configuration. + type: object + count: + description: Count of Elasticsearch nodes to deploy. + format: int32 + minimum: 1 + type: integer + name: + description: Name of this set of nodes. Becomes a part of the + Elasticsearch node.name setting. + maxLength: 23 + pattern: '[a-zA-Z0-9-]+' + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, + annotations, affinity rules, resource requests, and so on) + for the Pods belonging to this NodeSet. + type: object + volumeClaimTemplates: + description: VolumeClaimTemplates is a list of persistent volume + claims to be used by each Pod in this NodeSet. Every claim + in this list must have a matching volumeMount in one of the + containers defined in the PodTemplate. Items defined here + take precedence over any default claims added by the operator + with the same name. + items: + description: PersistentVolumeClaim is a user's request for + and claim to a persistent volume + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'Spec defines the desired characteristics + of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified data + source. If the AnyVolumeDataSource feature gate + is enabled, this field will always have the same + contents as the DataSourceRef field.' properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. type: string - lastTransitionTime: - description: Last time the condition transitioned - from one status to another. - format: date-time + kind: + description: Kind is the type of resource being + referenced type: string - message: - description: Human-readable message indicating - details about last transition. + name: + description: Name is the name of resource being + referenced type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason - for condition's last transition. If it reports - "ResizeStarted" that means the underlying persistent - volume is being resized. + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which to populate + the volume with data, if a non-empty volume is desired. + This may be any local object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the DataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, both fields (DataSource + and DataSourceRef) will be set to the same value + automatically if one of them is empty and the other + is non-empty. There are two important differences + between DataSource and DataSourceRef: * While DataSource + only allows two specific types of objects, DataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed values + (dropping them), DataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. (Alpha) Using this field requires the + AnyVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. type: string - status: + kind: + description: Kind is the type of resource being + referenced type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + name: + description: Name is the name of resource being + referenced type: string required: - - status - - type + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object type: object - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - type: object - type: object - type: array - required: - - name - type: object - minItems: 1 - type: array - podDisruptionBudget: - description: PodDisruptionBudget provides access to the default pod - disruption budget for the Elasticsearch cluster. The default budget - selects all cluster pods and sets `maxUnavailable` to 1. To disable, - set `PodDisruptionBudget` to the empty value (`{}` in YAML). - properties: - metadata: - description: ObjectMeta is the metadata of the PDB. The name and - namespace provided here are managed by ECK and will be ignored. - type: object - spec: - description: Spec is the specification of the PDB. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at most "maxUnavailable" - pods selected by "selector" are unavailable after the eviction, - i.e. even in absence of the evicted pod. For example, one - can prevent all voluntary evictions by specifying 0. This - is a mutually exclusive setting with "minAvailable". - minAvailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at least "minAvailable" - pods selected by "selector" will still be available after - the eviction, i.e. even in the absence of the evicted pod. So - for example you can prevent all voluntary evictions by specifying - "100%". - selector: - description: Label query over pods whose evictions are managed - by the disruption budget. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by + the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is + implied when not included in claim spec. type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + volumeName: + description: VolumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access + modes the volume backing the PVC has. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array - required: - - key - - operator + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: The storage resource within AllocatedResources + tracks the capacity allocated to a PVC. It may be + larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume + expansion capacity request is lowered, allocatedResources + is only lowered if there are no expansion operations + in progress and if the actual volume capacity is + equal or lower than the requested capacity. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the + underlying volume. + type: object + conditions: + description: Current Condition of persistent volume + claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails + details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating + details about last transition. + type: string + reason: + description: Unique, this should be a short, + machine understandable string that gives the + reason for condition's last transition. If + it reports "ResizeStarted" that means the + underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of + PersistentVolumeClaim. + type: string + resizeStatus: + description: ResizeStatus stores status of resize + operation. ResizeStatus is not set by default but + when expansion is complete resizeStatus is set to + empty string by resize controller or kubelet. This + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature. + type: string type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object + type: object + type: array + required: + - count + - name type: object - type: object - remoteClusters: - description: RemoteClusters enables you to establish uni-directional - connections to a remote Elasticsearch cluster. - items: - description: RemoteCluster declares a remote Elasticsearch cluster - connection. + minItems: 1 + type: array + podDisruptionBudget: + description: PodDisruptionBudget provides access to the default pod + disruption budget for the Elasticsearch cluster. The default budget + selects all cluster pods and sets `maxUnavailable` to 1. To disable, + set `PodDisruptionBudget` to the empty value (`{}` in YAML). properties: - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch - cluster running within the same k8s cluster. + metadata: + description: ObjectMeta is the metadata of the PDB. The name and + namespace provided here are managed by ECK and will be ignored. properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object name: - description: Name of the Kubernetes object. type: string namespace: - description: Namespace of the Kubernetes object. If empty, - defaults to the current namespace. type: string - required: - - name type: object - name: - description: Name is the name of the remote cluster as it is set - in the Elasticsearch settings. The name is expected to be unique - for each remote clusters. - minLength: 1 - type: string - required: - - name - type: object - type: array - secureSettings: - description: SecureSettings is a list of references to Kubernetes secrets - containing sensitive configuration options for Elasticsearch. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. - properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. a remote Elasticsearch cluster) in a different - namespace. Can only be used if ECK is enforcing RBAC on references. - type: string - transport: - description: Transport holds transport layer settings for Elasticsearch. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port - type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + spec: + description: Spec is the specification of the PDB. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at most "maxUnavailable" + pods selected by "selector" are unavailable after the eviction, + i.e. even in absence of the evicted pod. For example, one + can prevent all voluntary evictions by specifying 0. This + is a mutually exclusive setting with "minAvailable". + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at least "minAvailable" + pods selected by "selector" will still be available after + the eviction, i.e. even in the absence of the evicted pod. So + for example you can prevent all voluntary evictions by specifying + "100%". + x-kubernetes-int-or-string: true + selector: + description: Label query over pods whose evictions are managed + by the disruption budget. A null selector selects no pods. + An empty selector ({}) also selects no pods, which differs + from standard behavior of selecting all pods. In policy/v1, + an empty selector will select all pods in the namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). - format: int32 - type: integer + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS on the transport - layer. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the CA certificate and private key for generating - node certificates. The referenced secret should contain the - following: \n - `tls.crt`: The CA certificate in PEM format. - - `tls.key`: The private key for the CA certificate in PEM - format." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - type: object - type: object - updateStrategy: - description: UpdateStrategy specifies how updates to the cluster should - be performed. - properties: - changeBudget: - description: ChangeBudget defines the constraints to consider when - applying changes to the Elasticsearch cluster. + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: object + type: object + secureSettings: + description: SecureSettings is a list of references to Kubernetes + secrets containing sensitive configuration options for Elasticsearch. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. properties: - maxSurge: - description: MaxSurge is the maximum number of new pods that - can be created exceeding the original number of pods defined - in the specification. MaxSurge is only taken into consideration - when scaling up. Setting a negative value will disable the - restriction. Defaults to unbounded if not specified. - format: int32 - type: integer - maxUnavailable: - description: MaxUnavailable is the maximum number of pods that - can be unavailable (not ready) during the update due to circumstances - under the control of the operator. Setting a negative value - will disable this restriction. Defaults to 1 if not specified. - format: int32 - type: integer + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName type: object - type: object - version: - description: Version of Elasticsearch. - type: string - volumeClaimDeletePolicy: - description: VolumeClaimDeletePolicy sets the policy for handling deletion - of PersistentVolumeClaims for all NodeSets. Possible values are DeleteOnScaledownOnly - and DeleteOnScaledownAndClusterDeletion. Defaults to DeleteOnScaledownAndClusterDeletion. - enum: - - DeleteOnScaledownOnly - - DeleteOnScaledownAndClusterDeletion - type: string - required: - - nodeSets - - version - type: object - status: - description: ElasticsearchStatus defines the observed state of Elasticsearch - properties: - availableNodes: - description: AvailableNodes is the number of available instances. - format: int32 - type: integer - health: - description: ElasticsearchHealth is the health of the cluster as returned - by the health API. - type: string - phase: - description: ElasticsearchOrchestrationPhase is the phase Elasticsearch - is in from the controller point of view. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true - - name: v1beta1 + type: array + updateStrategy: + description: UpdateStrategy specifies how updates to the cluster should + be performed. + properties: + changeBudget: + description: ChangeBudget defines the constraints to consider + when applying changes to the Elasticsearch cluster. + properties: + maxSurge: + description: MaxSurge is the maximum number of new pods that + can be created exceeding the original number of pods defined + in the specification. MaxSurge is only taken into consideration + when scaling up. Setting a negative value will disable the + restriction. Defaults to unbounded if not specified. + format: int32 + type: integer + maxUnavailable: + description: MaxUnavailable is the maximum number of pods + that can be unavailable (not ready) during the update due + to circumstances under the control of the operator. Setting + a negative value will disable this restriction. Defaults + to 1 if not specified. + format: int32 + type: integer + type: object + type: object + version: + description: Version of Elasticsearch. + type: string + required: + - nodeSets + type: object + status: + description: ElasticsearchStatus defines the observed state of Elasticsearch + properties: + availableNodes: + format: int32 + type: integer + health: + description: ElasticsearchHealth is the health of the cluster as returned + by the health API. + type: string + phase: + description: ElasticsearchOrchestrationPhase is the phase Elasticsearch + is in from the controller point of view. + type: string + type: object + type: object served: true storage: false + subresources: + status: {} - name: v1alpha1 + schema: + openAPIV3Schema: + description: to not break compatibility when upgrading from previous versions + of the CRD + type: object served: false storage: false status: @@ -2444,25 +5517,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: enterprisesearches.enterprisesearch.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: Enterprise Search version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: enterprisesearch.k8s.elastic.co names: categories: @@ -2474,482 +5532,1093 @@ spec: - ent singular: enterprisesearch scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise Search. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: EnterpriseSearchSpec holds the specification of an Enterprise - Search resource. - properties: - config: - description: Config holds the Enterprise Search configuration. - type: object - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Enterprise Search configuration. Configuration - settings are merged and have precedence over settings specified in - `config`. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - count: - description: Count of Enterprise Search instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to the Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Enterprise - Search resource. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Enterprise Search version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + schema: + openAPIV3Schema: + description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise + Search. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EnterpriseSearchSpec holds the specification of an Enterprise + Search resource. + properties: + config: + description: Config holds the Enterprise Search configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Enterprise Search configuration. Configuration + settings are merged and have precedence over settings specified + in `config`. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + description: Count of Enterprise Search instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the Elasticsearch + cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Enterprise + Search resource. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. format: int32 type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Enterprise Search Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Enterprise + Search pods. + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Enterprise Search. + type: string + type: object + status: + description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch + properties: + associationStatus: + description: Association is the status of any auto-linking to Elasticsearch + clusters. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in + the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is + the actual number of observed instances of the scaled object. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + selector: + description: Selector is the label selector used to find all pods. + type: string + service: + description: ExternalService is the name of the service associated + to the Enterprise Search Pods. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.count + status: {} + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Enterprise Search version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise + Search. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EnterpriseSearchSpec holds the specification of an Enterprise + Search resource. + properties: + config: + description: Config holds the Enterprise Search configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Enterprise Search configuration. Configuration + settings are merged and have precedence over settings specified + in `config`. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + description: Count of Enterprise Search instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the Elasticsearch + cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Enterprise + Search resource. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Enterprise Search Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Enterprise Search - pods. - type: object - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of Enterprise Search. - type: string - type: object - status: - description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch - properties: - associationStatus: - description: Association is the status of any auto-linking to Elasticsearch - clusters. - type: string - availableNodes: - description: AvailableNodes is the number of available replicas in the - deployment. - format: int32 - type: integer - health: - description: Health of the deployment. - type: string - service: - description: ExternalService is the name of the service associated to - the Enterprise Search Pods. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true - - name: v1beta1 + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Enterprise Search Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Enterprise + Search pods. + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Enterprise Search. + type: string + type: object + status: + description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch + properties: + associationStatus: + description: Association is the status of any auto-linking to Elasticsearch + clusters. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in + the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is + the actual number of observed instances of the scaled object. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + selector: + description: Selector is the label selector used to find all pods. + type: string + service: + description: ExternalService is the name of the service associated + to the Enterprise Search Pods. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: false + subresources: + status: {} status: acceptedNames: kind: "" @@ -2961,25 +6630,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: kibanas.kibana.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: Kibana version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: kibana.k8s.elastic.co names: categories: @@ -2991,503 +6645,1221 @@ spec: - kb singular: kibana scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Kibana represents a Kibana resource in a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KibanaSpec holds the specification of a Kibana instance. - properties: - config: - description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' - type: object - count: - description: Count of Kibana instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Kibana. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Kibana version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Kibana represents a Kibana resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KibanaSpec holds the specification of a Kibana instance. + properties: + config: + description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of Kibana instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + enterpriseSearchRef: + description: EnterpriseSearchRef is a reference to an EnterpriseSearch + running in the same Kubernetes cluster. Kibana provides the default + Enterprise Search UI starting version 7.14. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which is used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty, the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Kibana. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. format: int32 type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object type: object - type: array - type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Kibana Docker image to deploy. + type: string + monitoring: + description: Monitoring enables you to collect and ship log and monitoring + data of this Kibana. See https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html. + Metricbeat and Filebeat are deployed in the same Pod as sidecars + and each one sends data to one or two different Elasticsearch monitoring + clusters running in the same Kubernetes cluster. + properties: + logs: + description: Logs holds references to Elasticsearch clusters which + will receive log data from this Kibana. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of + monitoring Elasticsearch clusters running in the same Kubernetes + cluster. Due to existing limitations, only a single Elasticsearch + cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes + object. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If + empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing + Kubernetes service which is used to make requests + to the referenced object. It has to be in the same + namespace as the referenced resource. If left empty, + the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + type: array + type: object + metrics: + description: Metrics holds references to Elasticsearch clusters + which will receive monitoring data from this Kibana. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of + monitoring Elasticsearch clusters running in the same Kubernetes + cluster. Due to existing limitations, only a single Elasticsearch + cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes + object. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If + empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing + Kubernetes service which is used to make requests + to the referenced object. It has to be in the same + namespace as the referenced resource. If left empty, + the default HTTP service of the referenced resource + is used. + type: string + required: + - name + type: object + type: array + type: object + type: object + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Kibana pods + type: object + x-kubernetes-preserve-unknown-fields: true + secureSettings: + description: SecureSettings is a list of references to Kubernetes + secrets containing sensitive configuration options for Kibana. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName type: object - type: object - image: - description: Image is the Kibana Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Kibana pods - type: object - secureSettings: - description: SecureSettings is a list of references to Kubernetes secrets - containing sensitive configuration options for Kibana. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Kibana. + type: string + required: + - version + type: object + status: + description: KibanaStatus defines the observed state of Kibana + properties: + associationStatus: + description: AssociationStatus is the status of any auto-linking to + Elasticsearch clusters. This field is deprecated and will be removed + in a future release. Use ElasticsearchAssociationStatus instead. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in + the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is + the actual number of observed instances of the scaled object. + format: int32 + type: integer + elasticsearchAssociationStatus: + description: ElasticsearchAssociationStatus is the status of any auto-linking + to Elasticsearch clusters. + type: string + enterpriseSearchAssociationStatus: + description: EnterpriseSearchAssociationStatus is the status of any + auto-linking to Enterprise Search. + type: string + health: + description: Health of the deployment. + type: string + monitoringAssociationStatus: + additionalProperties: + description: AssociationStatus is the status of an association resource. + type: string + description: MonitoringAssociationStatus is the status of any auto-linking + to monitoring Elasticsearch clusters. + type: object + selector: + description: Selector is the label selector used to find all pods. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.count + status: {} + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Kibana version + jsonPath: .spec.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Kibana represents a Kibana resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KibanaSpec holds the specification of a Kibana instance. + properties: + config: + description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of Kibana instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + running in the same Kubernetes cluster. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. type: string required: - - secretName + - name type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of Kibana. - type: string - required: - - version - type: object - status: - description: KibanaStatus defines the observed state of Kibana - properties: - associationStatus: - description: AssociationStatus is the status of an association resource. - type: string - availableNodes: - description: AvailableNodes is the number of available replicas in the - deployment. - format: int32 - type: integer - health: - description: Health of the deployment. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true - - name: v1beta1 + http: + description: HTTP holds the HTTP layer configuration for Kibana. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and + will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. This field is beta-level and is only honored by + servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster + internal traffic should be routed to all endpoints or + node-local endpoints only. "Cluster" routes internal + traffic to a Service to all endpoints. "Local" routes + traffic to node-local endpoints only, traffic is dropped + if no node-local endpoints are ready. The default value + is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified + in this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be + ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a + port will be allocated if this Service requires + one. If this field is specified when creating + a Service which does not need it, creation will + fail. This field will be wiped when updating a + Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a + named port in the target Pod''s container ports. + If this is not specified, the value of the ''port'' + field is used (an identity map). This field is + ignored for services with clusterIP=None, and + should be omitted or set equal to the ''port'' + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label + keys and values matching this selector. If empty or + not present, the service is assumed to have an external + process managing its endpoints, which Kubernetes will + not modify. Only applies to types ClusterIP, NodePort, + and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: + \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the + self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning + of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs + to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN + entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Kibana Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Kibana pods + type: object + x-kubernetes-preserve-unknown-fields: true + secureSettings: + description: SecureSettings is a list of references to Kubernetes + secrets containing sensitive configuration options for Kibana. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the + key to. Path must not be an absolute file path and must + not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + version: + description: Version of Kibana. + type: string + type: object + status: + description: KibanaStatus defines the observed state of Kibana + properties: + associationStatus: + description: AssociationStatus is the status of an association resource. + type: string + availableNodes: + format: int32 + type: integer + health: + description: KibanaHealth expresses the status of the Kibana instances. + type: string + type: object + type: object served: true storage: false + subresources: + status: {} - name: v1alpha1 + schema: + openAPIV3Schema: + description: to not break compatibility when upgrading from previous versions + of the CRD + type: object served: false storage: false status: @@ -3495,4 +7867,4 @@ status: kind: "" plural: "" conditions: [] - storedVersions: [] + storedVersions: [] \ No newline at end of file From 6abd9c907b0ba0cad620a276c659aea7b1726ec9 Mon Sep 17 00:00:00 2001 From: Seagyn Davis Date: Mon, 31 Jan 2022 10:29:35 +0200 Subject: [PATCH 07/11] fix ingress schema --- charts/lsdobserve/templates/elastic.kibana.yaml | 6 ++++-- charts/lsdobserve/templates/grafana.yaml | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/lsdobserve/templates/elastic.kibana.yaml b/charts/lsdobserve/templates/elastic.kibana.yaml index 3a64f6e..c6ef74a 100644 --- a/charts/lsdobserve/templates/elastic.kibana.yaml +++ b/charts/lsdobserve/templates/elastic.kibana.yaml @@ -50,8 +50,10 @@ spec: http: paths: - backend: - serviceName: lsdobserve-kb-http - servicePort: 5601 + service: + name: lsdobserve-kb-http + port: + number: 5601 path: / pathType: ImplementationSpecific --- diff --git a/charts/lsdobserve/templates/grafana.yaml b/charts/lsdobserve/templates/grafana.yaml index 745f1b1..7e53de7 100644 --- a/charts/lsdobserve/templates/grafana.yaml +++ b/charts/lsdobserve/templates/grafana.yaml @@ -102,8 +102,10 @@ spec: http: paths: - backend: - serviceName: lsdobserve-grafana - servicePort: 80 + service: + name: lsdobserve-grafana + port: + number: 80 path: / pathType: ImplementationSpecific --- From 1dfbfbdc7722633227678de61608fb529c6b04bf Mon Sep 17 00:00:00 2001 From: Seagyn Davis Date: Tue, 1 Feb 2022 16:43:24 +0200 Subject: [PATCH 08/11] Fix the install of LSDobserve --- charts/lsdobserve/Chart.yaml | 8 +-- charts/lsdobserve/templates/grafana.yaml | 83 ------------------------ charts/lsdobserve/values.yaml | 59 +++++++++++++++-- 3 files changed, 59 insertions(+), 91 deletions(-) diff --git a/charts/lsdobserve/Chart.yaml b/charts/lsdobserve/Chart.yaml index 0a99dd3..8ef6fd4 100644 --- a/charts/lsdobserve/Chart.yaml +++ b/charts/lsdobserve/Chart.yaml @@ -23,14 +23,14 @@ tillerVersion: ">=v3.2.1" dependencies: - name: prometheus - version: "13.7.0" + version: "15.1.1" repository: https://prometheus-community.github.io/helm-charts - name: prometheus-blackbox-exporter - version: "4.10.4" + version: "5.3.1" repository: https://prometheus-community.github.io/helm-charts - name: eck-operator - version: "1.3.1" + version: "1.9.1" repository: https://helm.elastic.co - name: grafana - version: "6.7.4" + version: "6.21.1" repository: https://grafana.github.io/helm-charts diff --git a/charts/lsdobserve/templates/grafana.yaml b/charts/lsdobserve/templates/grafana.yaml index 7e53de7..250b01a 100644 --- a/charts/lsdobserve/templates/grafana.yaml +++ b/charts/lsdobserve/templates/grafana.yaml @@ -1,87 +1,4 @@ # Grafana Configmap ---- -apiVersion: v1 -data: - dashboardproviders.yaml: | - apiVersion: 1 - providers: - - disableDeletion: false - editable: false - folder: LSDcontainer - name: ds-01 - options: - path: /var/lib/grafana/dashboards/ds-01 - orgId: 1 - type: file - - disableDeletion: false - editable: false - folder: LSDcontainer - name: ds-02 - options: - path: /var/lib/grafana/dashboards/ds-02 - orgId: 1 - type: file - - disableDeletion: false - editable: false - folder: LSDcontainer - name: ds-03 - options: - path: /var/lib/grafana/dashboards/ds-03 - orgId: 1 - type: file - - disableDeletion: false - editable: false - folder: LSDcontainer - name: ds-04 - options: - path: /var/lib/grafana/dashboards/ds-04 - orgId: 1 - type: file - - disableDeletion: false - editable: false - folder: LSDcontainer - name: ds-05 - options: - path: /var/lib/grafana/dashboards/ds-05 - orgId: 1 - type: file - datasources.yaml: | - apiVersion: 1 - datasources: - - isDefault: true - name: LSDobserve - Prometheus - type: prometheus - url: http://lsdobserve-prometheus-server - grafana.ini: | - [server] - root_url = https://{{ .Values.lsdobserve.grafana.ingress.url }} - [analytics] - check_for_updates = true - [grafana_net] - url = https://{{ .Values.lsdobserve.grafana.ingress.url }} - [smtp] - enabled = true - host = {{ .Values.lsdobserve.smtpHost }}:{{ .Values.lsdobserve.smtpPort }} - skip_verify = true - from_address = {{ .Values.lsdobserve.fromAddress }} - from_name = {{ .Values.lsdobserve.fromName }} - [emails] - welcome_email_on_sign_up = true - templates_pattern = emails/*.html - [log] - mode = console - [paths] - data = /var/lib/grafana/data - logs = /var/log/grafana - plugins = /var/lib/grafana/plugins - provisioning = /etc/grafana/provisioning -kind: ConfigMap -metadata: - annotations: - meta.helm.sh/release-name: {{ .Release.Name }} - meta.helm.sh/release-namespace: {{ .Release.Namespace }} - name: lsdobserve-grafana ---- # Grafana Ingress {{- if or (eq .Values.lsdobserve.clusterType "gke") (eq .Values.lsdobserve.clusterType "rancher") -}} diff --git a/charts/lsdobserve/values.yaml b/charts/lsdobserve/values.yaml index b2e2ea6..d01647e 100644 --- a/charts/lsdobserve/values.yaml +++ b/charts/lsdobserve/values.yaml @@ -112,6 +112,25 @@ grafana: type: pvc size: 1Gi storageClassName: *anchorstorageClass + grafana.ini: + analytics: + check_for_updates: true + smtp: + enabled: true + host: *anchorsmtpSmartHost + skip_verify: true + from_address: *anchorfromAddress + from_name: *anchorfromName + emails: + welcome_email_on_sign_up: true + templates_pattern: emails/*.html + log: + mode: console + paths: + data: /var/lib/grafana/data + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning datasources: datasources.yaml: apiVersion: 1 @@ -124,14 +143,46 @@ grafana: dashboardproviders.yaml: apiVersion: 1 providers: - - name: "ds-01" + - disableDeletion: false + editable: false + folder: LSDcontainer + name: ds-01 + options: + path: /var/lib/grafana/dashboards/ds-01 orgId: 1 - folder: "LSDcontainer" type: file - disableDeletion: false + - disableDeletion: false editable: false + folder: LSDcontainer + name: ds-02 options: - path: /var/lib/grafana/dashboards/ds-01 + path: /var/lib/grafana/dashboards/ds-02 + orgId: 1 + type: file + - disableDeletion: false + editable: false + folder: LSDcontainer + name: ds-03 + options: + path: /var/lib/grafana/dashboards/ds-03 + orgId: 1 + type: file + - disableDeletion: false + editable: false + folder: LSDcontainer + name: ds-04 + options: + path: /var/lib/grafana/dashboards/ds-04 + orgId: 1 + type: file + - disableDeletion: false + editable: false + folder: LSDcontainer + name: ds-05 + options: + path: /var/lib/grafana/dashboards/ds-05 + orgId: 1 + type: file dashboardsConfigMaps: ds-01: "grafana-dashboard-kubernetes-overview" ds-02: "grafana-dashboard-namespace-details" From 2fab25f1ad908979aaedd9f3f7f2e7fcfeed78a3 Mon Sep 17 00:00:00 2001 From: Mark Billett Date: Tue, 8 Feb 2022 15:35:13 +0200 Subject: [PATCH 09/11] Lots of fixes to ECK components --- {charts/ahoy => ahoy}/Chart.yaml | 0 .../templates/cluster-role-binding.yaml | 0 .../ahoy => ahoy}/templates/deployment.yaml | 0 {charts/ahoy => ahoy}/templates/ingress.yaml | 0 .../templates/keycloak-realm-configmap.yaml | 0 .../templates/properties-prod-configmap.yaml | 0 {charts/ahoy => ahoy}/templates/route.yaml | 0 .../templates/service-account.yaml | 0 {charts/ahoy => ahoy}/templates/service.yaml | 0 {charts/ahoy => ahoy}/values-gke.yaml | 0 {charts/ahoy => ahoy}/values-k8s.yaml | 0 {charts/ahoy => ahoy}/values-ocp.yaml | 0 {charts/ahoy => ahoy}/values.yaml | 0 charts/lsdobserve/Chart.yaml | 8 +- charts/lsdobserve/crds/elastic-crds.yaml | 11948 ++++++---------- .../templates/elastic.configmaps.yaml | 4 +- charts/lsdobserve/templates/elastic.jobs.yaml | 8 +- .../lsdobserve/templates/elastic.kibana.yaml | 8 +- .../elastic.metricbeat-prometheus.yaml | 19 +- .../templates/elastic.metricbeat.yaml | 10 +- charts/lsdobserve/values-mark.yaml | 521 + 21 files changed, 4946 insertions(+), 7580 deletions(-) rename {charts/ahoy => ahoy}/Chart.yaml (100%) rename {charts/ahoy => ahoy}/templates/cluster-role-binding.yaml (100%) rename {charts/ahoy => ahoy}/templates/deployment.yaml (100%) rename {charts/ahoy => ahoy}/templates/ingress.yaml (100%) rename {charts/ahoy => ahoy}/templates/keycloak-realm-configmap.yaml (100%) rename {charts/ahoy => ahoy}/templates/properties-prod-configmap.yaml (100%) rename {charts/ahoy => ahoy}/templates/route.yaml (100%) rename {charts/ahoy => ahoy}/templates/service-account.yaml (100%) rename {charts/ahoy => ahoy}/templates/service.yaml (100%) rename {charts/ahoy => ahoy}/values-gke.yaml (100%) rename {charts/ahoy => ahoy}/values-k8s.yaml (100%) rename {charts/ahoy => ahoy}/values-ocp.yaml (100%) rename {charts/ahoy => ahoy}/values.yaml (100%) create mode 100644 charts/lsdobserve/values-mark.yaml diff --git a/charts/ahoy/Chart.yaml b/ahoy/Chart.yaml similarity index 100% rename from charts/ahoy/Chart.yaml rename to ahoy/Chart.yaml diff --git a/charts/ahoy/templates/cluster-role-binding.yaml b/ahoy/templates/cluster-role-binding.yaml similarity index 100% rename from charts/ahoy/templates/cluster-role-binding.yaml rename to ahoy/templates/cluster-role-binding.yaml diff --git a/charts/ahoy/templates/deployment.yaml b/ahoy/templates/deployment.yaml similarity index 100% rename from charts/ahoy/templates/deployment.yaml rename to ahoy/templates/deployment.yaml diff --git a/charts/ahoy/templates/ingress.yaml b/ahoy/templates/ingress.yaml similarity index 100% rename from charts/ahoy/templates/ingress.yaml rename to ahoy/templates/ingress.yaml diff --git a/charts/ahoy/templates/keycloak-realm-configmap.yaml b/ahoy/templates/keycloak-realm-configmap.yaml similarity index 100% rename from charts/ahoy/templates/keycloak-realm-configmap.yaml rename to ahoy/templates/keycloak-realm-configmap.yaml diff --git a/charts/ahoy/templates/properties-prod-configmap.yaml b/ahoy/templates/properties-prod-configmap.yaml similarity index 100% rename from charts/ahoy/templates/properties-prod-configmap.yaml rename to ahoy/templates/properties-prod-configmap.yaml diff --git a/charts/ahoy/templates/route.yaml b/ahoy/templates/route.yaml similarity index 100% rename from charts/ahoy/templates/route.yaml rename to ahoy/templates/route.yaml diff --git a/charts/ahoy/templates/service-account.yaml b/ahoy/templates/service-account.yaml similarity index 100% rename from charts/ahoy/templates/service-account.yaml rename to ahoy/templates/service-account.yaml diff --git a/charts/ahoy/templates/service.yaml b/ahoy/templates/service.yaml similarity index 100% rename from charts/ahoy/templates/service.yaml rename to ahoy/templates/service.yaml diff --git a/charts/ahoy/values-gke.yaml b/ahoy/values-gke.yaml similarity index 100% rename from charts/ahoy/values-gke.yaml rename to ahoy/values-gke.yaml diff --git a/charts/ahoy/values-k8s.yaml b/ahoy/values-k8s.yaml similarity index 100% rename from charts/ahoy/values-k8s.yaml rename to ahoy/values-k8s.yaml diff --git a/charts/ahoy/values-ocp.yaml b/ahoy/values-ocp.yaml similarity index 100% rename from charts/ahoy/values-ocp.yaml rename to ahoy/values-ocp.yaml diff --git a/charts/ahoy/values.yaml b/ahoy/values.yaml similarity index 100% rename from charts/ahoy/values.yaml rename to ahoy/values.yaml diff --git a/charts/lsdobserve/Chart.yaml b/charts/lsdobserve/Chart.yaml index e04900e..e6deca8 100644 --- a/charts/lsdobserve/Chart.yaml +++ b/charts/lsdobserve/Chart.yaml @@ -1,10 +1,6 @@ apiVersion: v2 name: lsdobserve -<<<<<<< HEAD -version: "1.1.0" -======= -version: "1.0.84" ->>>>>>> f3c86f41175acbf99faa048d28c069c8c13fa182 +version: "1.0.85" appVersion: "1.0.2" # Disabling kubeVersion because GKE is dumb # kubeVersion: ">=v1.11.0" @@ -39,5 +35,5 @@ dependencies: version: "6.21.1" repository: https://grafana.github.io/helm-charts - name: logstash - version: "7.10.2" + version: "7.16.3" repository: https://helm.elastic.co diff --git a/charts/lsdobserve/crds/elastic-crds.yaml b/charts/lsdobserve/crds/elastic-crds.yaml index 62a5f3f..2e4c359 100644 --- a/charts/lsdobserve/crds/elastic-crds.yaml +++ b/charts/lsdobserve/crds/elastic-crds.yaml @@ -1,12 +1,91 @@ -# https://raw.githubusercontent.com/elastic/cloud-on-k8s/main/config/crds/v1/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1 +# Source: eck-operator/templates/operator-namespace.yaml +apiVersion: v1 +kind: Namespace +metadata: + name: elastic-system + labels: + name: elastic-system +--- +# Source: eck-operator/templates/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: elastic-operator + namespace: elastic-system + labels: + control-plane: elastic-operator + app.kubernetes.io/version: "1.6.0" +--- +# Source: eck-operator/templates/webhook.yaml +apiVersion: v1 +kind: Secret +metadata: + name: elastic-webhook-server-cert + namespace: elastic-system + labels: + control-plane: elastic-operator + app.kubernetes.io/version: "1.6.0" +--- +# Source: eck-operator/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: elastic-operator + namespace: elastic-system + labels: + control-plane: elastic-operator + app.kubernetes.io/version: "1.6.0" +data: + eck.yaml: |- + log-verbosity: 0 + metrics-port: 0 + container-registry: docker.elastic.co + max-concurrent-reconciles: 3 + ca-cert-validity: 8760h + ca-cert-rotate-before: 24h + cert-validity: 8760h + cert-rotate-before: 24h + set-default-security-context: true + kube-client-timeout: 60s + elasticsearch-client-timeout: 180s + disable-telemetry: false + validate-storage-class: true + enable-webhook: true + webhook-name: elastic-webhook.k8s.elastic.co + namespaces: lsdobserve +--- +# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.5.0 creationTimestamp: null + labels: + app.kubernetes.io/instance: 'elastic-operator' + app.kubernetes.io/name: 'eck-operator-crds' + app.kubernetes.io/version: '1.6.0' name: agents.agent.k8s.elastic.co spec: + additionalPrinterColumns: + - JSONPath: .status.health + name: health + type: string + - JSONPath: .status.availableNodes + description: Available nodes + name: available + type: integer + - JSONPath: .status.expectedNodes + description: Expected nodes + name: expected + type: integer + - JSONPath: .status.version + description: Agent version + name: version + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date group: agent.k8s.elastic.co names: categories: @@ -18,237 +97,143 @@ spec: - agent singular: agent scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - description: Available nodes - jsonPath: .status.availableNodes - name: available - type: integer - - description: Expected nodes - jsonPath: .status.expectedNodes - name: expected - type: integer - - description: Agent version - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: Agent is the Schema for the Agents API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AgentSpec defines the desired state of the Agent - properties: - config: - description: Config holds the Agent configuration. At most one of - [`Config`, `ConfigRef`] can be specified. - type: object - x-kubernetes-preserve-unknown-fields: true - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Agent configuration. Agent settings must be specified - as yaml, under a single "agent.yml" entry. At most one of [`Config`, - `ConfigRef`] can be specified. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - daemonSet: - description: DaemonSet specifies the Agent should be deployed as a - DaemonSet, and allows providing its spec. Cannot be used along with - `deployment`. - properties: - podTemplate: - description: PodTemplateSpec describes the data a pod should have - when created from a template - type: object - x-kubernetes-preserve-unknown-fields: true - updateStrategy: - description: DaemonSetUpdateStrategy is a struct used to control - the update strategy for a DaemonSet. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - type = "RollingUpdate". --- TODO: Update this to follow - our convention for oneOf, whatever we decide it to be. Same - as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: 'The maximum number of nodes with an existing - available DaemonSet pod that can have an updated DaemonSet - pod during during an update. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: - 10%). This can not be 0 if MaxUnavailable is 0. Absolute - number is calculated from percentage by rounding up - to a minimum of 1. Default value is 0. Example: when - this is set to 30%, at most 30% of the total number - of nodes that should be running the daemon pod (i.e. - status.desiredNumberScheduled) can have their a new - pod created before the old pod is marked as deleted. - The update starts by launching new pods on 30% of nodes. - Once an updated pod is available (Ready for at least - minReadySeconds) the old DaemonSet pod on that node - is marked deleted. If the old pod becomes unavailable - for any reason (Ready transitions to false, is evicted, - or is drained) an updated pod is immediatedly created - on that node without considering surge limits. Allowing - surge implies the possibility that the resources consumed - by the daemonset on any given node can double if the - readiness check fails, and so resource intensive daemonsets - should take into account that they may cause evictions - during disruption. This is beta field and enabled/disabled - by DaemonSetUpdateSurge feature gate.' - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of DaemonSet pods that - can be unavailable during the update. Value can be an - absolute number (ex: 5) or a percentage of total number - of DaemonSet pods at the start of the update (ex: 10%). - Absolute number is calculated from percentage by rounding - up. This cannot be 0 if MaxSurge is 0 Default value - is 1. Example: when this is set to 30%, at most 30% - of the total number of nodes that should be running - the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given - time. The update starts by stopping at most 30% of those - DaemonSet pods and then brings up new DaemonSet pods - in their place. Once the new pods are available, it - then proceeds onto other DaemonSet pods, thus ensuring - that at least 70% of original number of DaemonSet pods - are available at all times during the update.' - x-kubernetes-int-or-string: true - type: object - type: - description: Type of daemon set update. Can be "RollingUpdate" - or "OnDelete". Default is RollingUpdate. - type: string - type: object - type: object - deployment: - description: Deployment specifies the Agent should be deployed as - a Deployment, and allows providing its spec. Cannot be used along - with `daemonSet`. - properties: - podTemplate: - description: PodTemplateSpec describes the data a pod should have - when created from a template - type: object - x-kubernetes-preserve-unknown-fields: true - replicas: - format: int32 - type: integer - strategy: - description: DeploymentStrategy describes how to replace existing - pods with new ones. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - DeploymentStrategyType = RollingUpdate. --- TODO: Update - this to follow our convention for oneOf, whatever we decide - it to be.' - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be scheduled - above the desired number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: - 10%). This can not be 0 if MaxUnavailable is 0. Absolute - number is calculated from percentage by rounding up. - Defaults to 25%. Example: when this is set to 30%, the - new ReplicaSet can be scaled up immediately when the - rolling update starts, such that the total number of - old and new pods do not exceed 130% of desired pods. - Once old pods have been killed, new ReplicaSet can be - scaled up further, ensuring that total number of pods - running at any time during the update is at most 130% - of desired pods.' - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be unavailable - during the update. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). Absolute - number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. Defaults to 25%. - Example: when this is set to 30%, the old ReplicaSet - can be scaled down to 70% of desired pods immediately - when the rolling update starts. Once new pods are ready, - old ReplicaSet can be scaled down further, followed - by scaling up the new ReplicaSet, ensuring that the - total number of pods available at all times during the - update is at least 70% of desired pods.' - x-kubernetes-int-or-string: true - type: object - type: - description: Type of deployment. Can be "Recreate" or "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - type: object - elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of Elasticsearch - clusters running in the same Kubernetes cluster. Due to existing - limitations, only a single ES cluster is currently supported. - items: + subresources: + status: {} + validation: + openAPIV3Schema: + description: Agent is the Schema for the Agents API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AgentSpec defines the desired state of the Agent + properties: + config: + description: Config holds the Agent configuration. At most one of [`Config`, + `ConfigRef`] can be specified. + type: object + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Agent configuration. Agent settings must be specified + as yaml, under a single "agent.yml" entry. At most one of [`Config`, + `ConfigRef`] can be specified. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + daemonSet: + description: DaemonSet specifies the Agent should be deployed as a DaemonSet, + and allows providing its spec. Cannot be used along with `deployment`. + properties: + updateStrategy: + description: DaemonSetUpdateStrategy is a struct used to control + the update strategy for a DaemonSet. properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - outputName: + rollingUpdate: + description: 'Rolling update config params. Present only if + type = "RollingUpdate". --- TODO: Update this to follow our + convention for oneOf, whatever we decide it to be. Same as + Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of DaemonSet pods that + can be unavailable during the update. Value can be an + absolute number (ex: 5) or a percentage of total number + of DaemonSet pods at the start of the update (ex: 10%). + Absolute number is calculated from percentage by rounding + up. This cannot be 0. Default value is 1. Example: when + this is set to 30%, at most 30% of the total number of + nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given + time. The update starts by stopping at most 30% of those + DaemonSet pods and then brings up new DaemonSet pods in + their place. Once the new pods are available, it then + proceeds onto other DaemonSet pods, thus ensuring that + at least 70% of original number of DaemonSet pods are + available at all times during the update.' + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" + or "OnDelete". Default is RollingUpdate. type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced - resource is used. + type: object + type: object + deployment: + description: Deployment specifies the Agent should be deployed as a + Deployment, and allows providing its spec. Cannot be used along with + `daemonSet`. + properties: + replicas: + format: int32 + type: integer + strategy: + description: DeploymentStrategy describes how to replace existing + pods with new ones. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + DeploymentStrategyType = RollingUpdate. --- TODO: Update this + to follow our convention for oneOf, whatever we decide it + to be.' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be scheduled + above the desired number of pods. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. Absolute number + is calculated from percentage by rounding up. Defaults + to 25%. Example: when this is set to 30%, the new ReplicaSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new pods do not + exceed 130% of desired pods. Once old pods have been killed, + new ReplicaSet can be scaled up further, ensuring that + total number of pods running at any time during the update + is at most 130% of desired pods.' + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired pods (ex: 10%). Absolute + number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: + when this is set to 30%, the old ReplicaSet can be scaled + down to 70% of desired pods immediately when the rolling + update starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling up the + new ReplicaSet, ensuring that the total number of pods + available at all times during the update is at least 70% + of desired pods.' + type: object + type: + description: Type of deployment. Can be "Recreate" or "RollingUpdate". + Default is RollingUpdate. type: string - required: - - name type: object - type: array - fleetServerEnabled: - description: FleetServerEnabled determines whether this Agent will - launch Fleet Server. Don't set unless `mode` is set to `fleet`. - type: boolean - fleetServerRef: - description: FleetServerRef is a reference to Fleet Server that this - Agent should connect to to obtain it's configuration. Don't set - unless `mode` is set to `fleet`. + type: object + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of Elasticsearch + clusters running in the same Kubernetes cluster. Due to existing limitations, + only a single ES cluster is currently supported. + items: properties: name: description: Name of the Kubernetes object. @@ -257,546 +242,103 @@ spec: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + outputName: + type: string serviceName: description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + service which will be used to make requests to the referenced + object. It has to be in the same namespace as the referenced + resource. If left empty the default HTTP service of the referenced + resource will be used. type: string required: - name type: object - http: - description: HTTP holds the HTTP layer configuration for the Agent - in Fleet mode with Fleet Server enabled. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". - type: string - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." - items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). - format: int32 - type: integer - type: object - type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the - self-signed certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning - of the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs - to include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN - entry in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Agent Docker image to deploy. Version has - to match the Agent in the image. - type: string - kibanaRef: - description: KibanaRef is a reference to Kibana where Fleet should - be set up and this Agent should be enrolled. Don't set unless `mode` - is set to `fleet`. + type: array + image: + description: Image is the Agent Docker image to deploy. Version has + to match the Agent in the image. + type: string + secureSettings: + description: SecureSettings is a list of references to Kubernetes Secrets + containing sensitive configuration options for the Agent. Secrets + data can be then referenced in the Agent config using the Secret's + keys or as specified in `Entries` field of each SecureSetting. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key + to. Path must not be an absolute file path and must not + contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. type: string required: - - name - type: object - mode: - description: Mode specifies the source of configuration for the Agent. - The configuration can be specified locally through `config` or `configRef` - (`standalone` mode), or come from Fleet during runtime (`fleet` - mode). Defaults to `standalone` mode. - enum: - - standalone - - fleet - type: string - secureSettings: - description: SecureSettings is a list of references to Kubernetes - Secrets containing sensitive configuration options for the Agent. - Secrets data can be then referenced in the Agent config using the - Secret's keys or as specified in `Entries` field of each SecureSetting. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. - properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to an Elasticsearch resource in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of the Agent. - type: string - required: - - version - type: object - status: - description: AgentStatus defines the observed state of the Agent - properties: - availableNodes: - format: int32 - type: integer - elasticsearchAssociationsStatus: - additionalProperties: - description: AssociationStatus is the status of an association resource. - type: string - description: AssociationStatusMap is the map of association's namespaced - name string to its AssociationStatus. For resources that have a - single Association of a given type (for ex. single ES reference), - this map contains a single entry. + - secretName type: object - expectedNodes: - format: int32 - type: integer - fleetServerAssociationStatus: + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to an Elasticsearch resource in a different namespace. Can + only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of the Agent. + type: string + required: + - version + type: object + status: + description: AgentStatus defines the observed state of the Agent + properties: + availableNodes: + format: int32 + type: integer + elasticsearchAssociationsStatus: + additionalProperties: description: AssociationStatus is the status of an association resource. type: string - health: - type: string - kibanaAssociationStatus: - description: AssociationStatus is the status of an association resource. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - type: object + description: AssociationStatusMap is the map of association's namespaced + name string to its AssociationStatus. For resources that have a single + Association of a given type (eg. single ES reference), this map will + contain a single entry. + type: object + expectedNodes: + format: int32 + type: integer + health: + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + version: v1alpha1 + versions: + - name: v1alpha1 served: true storage: true - subresources: - status: {} status: acceptedNames: kind: "" @@ -804,14 +346,34 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1 +# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.5.0 creationTimestamp: null + labels: + app.kubernetes.io/instance: 'elastic-operator' + app.kubernetes.io/name: 'eck-operator-crds' + app.kubernetes.io/version: '1.6.0' name: apmservers.apm.k8s.elastic.co spec: + additionalPrinterColumns: + - JSONPath: .status.health + name: health + type: string + - JSONPath: .status.availableNodes + description: Available nodes + name: nodes + type: integer + - JSONPath: .status.version + description: APM version + name: version + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date group: apm.k8s.elastic.co names: categories: @@ -823,1157 +385,546 @@ spec: - apm singular: apmserver scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - description: Available nodes - jsonPath: .status.availableNodes - name: nodes - type: integer - - description: APM version - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1 - schema: - openAPIV3Schema: - description: ApmServer represents an APM Server resource in a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ApmServerSpec holds the specification of an APM Server. - properties: - config: - description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' - type: object - x-kubernetes-preserve-unknown-fields: true - count: - description: Count of APM Server instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to the output Elasticsearch - cluster running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for the APM Server - resource. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string + subresources: + status: {} + validation: + openAPIV3Schema: + description: ApmServer represents an APM Server resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApmServerSpec holds the specification of an APM Server. + properties: + config: + description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' + type: object + count: + description: Count of APM Server instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the output Elasticsearch + cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for the APM Server + resource. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and will + be ignored. + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts + will be automatically allocated for services with type + LoadBalancer. Default is "true". It may be set to "false" + if the cluster load-balancer does not rely on NodePorts. + allocateLoadBalancerNodePorts may only be set for services + with type LoadBalancer and will be cleared if the type + is changed to any other type. This field is alpha-level + and is only honored by servers that enable the ServiceLBNodePortControl + feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), and + is not in use, it will be allocated to the service; otherwise + creation of the service will fail. This field may not + be changed through updates unless the type field is also + being changed to ExternalName (which requires this field + to be blank) or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are "None", empty string + (""), or a valid IP address. Setting this to "None" makes + a "headless service" (no virtual IP), which is useful + when direct endpoint connections are preferred and proxying + is not required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. If + an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated + to the service; otherwise creation of the service will + fail. This field may not be changed through updates unless + the type field is also being changed to ExternalName (which + requires this field to be empty) or the type field is + being changed from ExternalName (in which case this field + may optionally be specified, as describe above). Valid + values are \"None\", empty string (\"\"), or a valid IP + address. Setting this to \"None\" makes a \"headless + service\" (no virtual IP), which is useful when direct + endpoint connections are preferred and proxying is not + required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + \ If this field is not specified, it will be initialized + from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have + the same value. \n Unless the \"IPv6DualStack\" feature + gate is enabled, this field is limited to one value, which + must be the same as the clusterIP field. If the feature + gate is enabled, this field may hold a maximum of two + entries (dual-stack IPs, in either order). These IPs + must correspond to the values of the ipFamilies field. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + externalIPs: + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this + service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will be + involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + and requires Type to be + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is set + to Local. If a value is specified, is in-range, and is + not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. + load-balancers) can use this port to determine if a given + node holds endpoints for this service or not. If this + field is specified when creating a Service which does + not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing + type). + format: int32 + type: integer + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service, and is gated by + the \"IPv6DualStack\" feature gate. This field is usually + assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" and + \"IPv6\". This field only applies to Services of types + ClusterIP, NodePort, and LoadBalancer, and does apply + to \"headless\" services. This field will be wiped when + updating a Service to type ExternalName. \n This field + may hold a maximum of two entries (dual-stack families, + in either order). These families must correspond to the + values of the clusterIPs field, if specified. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or + IPv6). This type is used to express the family of an + IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service, and is gated by + the "IPv6DualStack" feature gate. If there is no value + provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), "PreferDualStack" + (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend on + the value of this field. This field will be wiped when + updating a service to type ExternalName. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified in + this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be ignored + if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. This is + a beta field that is guarded by the ServiceAppProtocol + feature gate and enabled by default. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port + will be allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. This + field will be wiped when updating a Service to no + longer need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should be + omitted or set equal to the ''port'' field. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + required: + - port type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". - type: string - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." - items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. + type: array + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of + Client IP based session affinity. properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). format: int32 type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. + type: object + topologyKeys: + description: topologyKeys is a preference-order list of + topology keys which implementations of services should + use to preferentially sort endpoints when accessing this + Service, it can not be used at the same time as externalTrafficPolicy=Local. + Topology keys must be valid label keys and at most 16 + keys may be specified. Endpoints are chosen based on the + first topology key with available backends. If this field + is specified and all entries have no backends that match + the topology of the client, the service has no backends + for that client and connections should fail. The special + value "*" may be used to mean "any topology". This catch-all + value, if used, only makes sense as the last value in + the list. If this is not specified or empty, no topology + constraints will be applied. This field is alpha-level + and is only honored by servers that enable the ServiceTopology + feature. + items: + type: string + type: array + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object or EndpointSlice objects. If clusterIP is "None", + no virtual IP is allocated and the endpoints are published + as a set of endpoints rather than a virtual IP. "NodePort" + builds on ClusterIP and allocates a port on every node + which routes to the same endpoints as the clusterIP. "LoadBalancer" + builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the + same endpoints as the clusterIP. "ExternalName" aliases + this service to the specified externalName. Several other + fields do not apply to ExternalName services. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: \n + - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed + certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of + the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to + include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry + in a x509 certificate. properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). - format: int32 - type: integer - type: object + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the - self-signed certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning - of the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs - to include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN - entry in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the APM Server Docker image to deploy. - type: string - kibanaRef: - description: KibanaRef is a reference to a Kibana instance running - in the same Kubernetes cluster. It allows APM agent central configuration - management in Kibana. + type: array + type: object + type: object + type: object + image: + description: Image is the APM Server Docker image to deploy. + type: string + kibanaRef: + description: KibanaRef is a reference to a Kibana instance running in + the same Kubernetes cluster. It allows APM agent central configuration + management in Kibana. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string + required: + - name + type: object + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the APM Server pods. + type: object + secureSettings: + description: SecureSettings is a list of references to Kubernetes secrets + containing sensitive configuration options for APM Server. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key + to. Path must not be an absolute file path and must not + contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. type: string required: - - name + - secretName type: object - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the APM Server - pods. - type: object - x-kubernetes-preserve-unknown-fields: true - secureSettings: - description: SecureSettings is a list of references to Kubernetes - secrets containing sensitive configuration options for APM Server. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. - properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of the APM Server. - type: string - required: - - version - type: object - status: - description: ApmServerStatus defines the observed state of ApmServer - properties: - availableNodes: - description: AvailableNodes is the number of available replicas in - the deployment. - format: int32 - type: integer - count: - description: Count corresponds to Scale.Status.Replicas, which is - the actual number of observed instances of the scaled object. - format: int32 - type: integer - elasticsearchAssociationStatus: - description: ElasticsearchAssociationStatus is the status of any auto-linking - to Elasticsearch clusters. - type: string - health: - description: Health of the deployment. - type: string - kibanaAssociationStatus: - description: KibanaAssociationStatus is the status of any auto-linking - to Kibana. - type: string - secretTokenSecret: - description: SecretTokenSecretName is the name of the Secret that - contains the secret token - type: string - selector: - description: Selector is the label selector used to find all pods. - type: string - service: - description: ExternalService is the name of the service the agents - should connect to. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of the APM Server. + type: string + required: + - version + type: object + status: + description: ApmServerStatus defines the observed state of ApmServer + properties: + availableNodes: + description: AvailableNodes is the number of available replicas in the + deployment. + format: int32 + type: integer + elasticsearchAssociationStatus: + description: ElasticsearchAssociationStatus is the status of any auto-linking + to Elasticsearch clusters. + type: string + health: + description: Health of the deployment. + type: string + kibanaAssociationStatus: + description: KibanaAssociationStatus is the status of any auto-linking + to Kibana. + type: string + secretTokenSecret: + description: SecretTokenSecretName is the name of the Secret that contains + the secret token + type: string + service: + description: ExternalService is the name of the service the agents should + connect to. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + version: v1 + versions: + - name: v1 served: true storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.count - statusReplicasPath: .status.count - status: {} - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - description: Available nodes - jsonPath: .status.availableNodes - name: nodes - type: integer - - description: APM version - jsonPath: .spec.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ApmServer represents an APM Server resource in a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ApmServerSpec holds the specification of an APM Server. - properties: - config: - description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' - type: object - x-kubernetes-preserve-unknown-fields: true - count: - description: Count of APM Server instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to the output Elasticsearch - cluster running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for the APM Server - resource. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". - type: string - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." - items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). - format: int32 - type: integer - type: object - type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the - self-signed certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning - of the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs - to include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN - entry in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the APM Server Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the APM Server - pods. - type: object - x-kubernetes-preserve-unknown-fields: true - secureSettings: - description: SecureSettings is a list of references to Kubernetes - secrets containing sensitive configuration options for APM Server. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. - properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. - type: string - required: - - secretName - type: object - type: array - version: - description: Version of the APM Server. - type: string - type: object - status: - description: ApmServerStatus defines the observed state of ApmServer - properties: - associationStatus: - description: Association is the status of any auto-linking to Elasticsearch - clusters. - type: string - availableNodes: - format: int32 - type: integer - health: - description: ApmServerHealth expresses the status of the Apm Server - instances. - type: string - secretTokenSecret: - description: SecretTokenSecretName is the name of the Secret that - contains the secret token - type: string - service: - description: ExternalService is the name of the service the agents - should connect to. - type: string - type: object - type: object + - name: v1beta1 served: true storage: false - subresources: - status: {} - name: v1alpha1 - schema: - openAPIV3Schema: - description: to not break compatibility when upgrading from previous versions - of the CRD - type: object served: false storage: false status: @@ -1983,14 +934,42 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1 +# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.5.0 creationTimestamp: null + labels: + app.kubernetes.io/instance: 'elastic-operator' + app.kubernetes.io/name: 'eck-operator-crds' + app.kubernetes.io/version: '1.6.0' name: beats.beat.k8s.elastic.co spec: + additionalPrinterColumns: + - JSONPath: .status.health + name: health + type: string + - JSONPath: .status.availableNodes + description: Available nodes + name: available + type: integer + - JSONPath: .status.expectedNodes + description: Expected nodes + name: expected + type: integer + - JSONPath: .spec.type + description: Beat type + name: type + type: string + - JSONPath: .status.version + description: Beat version + name: version + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date group: beat.k8s.elastic.co names: categories: @@ -2002,341 +981,273 @@ spec: - beat singular: beat scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - description: Available nodes - jsonPath: .status.availableNodes - name: available - type: integer - - description: Expected nodes - jsonPath: .status.expectedNodes - name: expected - type: integer - - description: Beat type - jsonPath: .spec.type - name: type - type: string - - description: Beat version - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Beat is the Schema for the Beats API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BeatSpec defines the desired state of a Beat. - properties: - config: - description: Config holds the Beat configuration. At most one of [`Config`, - `ConfigRef`] can be specified. - type: object - x-kubernetes-preserve-unknown-fields: true - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Beat configuration. Beat settings must be specified - as yaml, under a single "beat.yml" entry. At most one of [`Config`, - `ConfigRef`] can be specified. + subresources: + status: {} + validation: + openAPIV3Schema: + description: Beat is the Schema for the Beats API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BeatSpec defines the desired state of a Beat. + properties: + config: + description: Config holds the Beat configuration. At most one of [`Config`, + `ConfigRef`] can be specified. + type: object + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Beat configuration. Beat settings must be specified + as yaml, under a single "beat.yml" entry. At most one of [`Config`, + `ConfigRef`] can be specified. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + daemonSet: + description: DaemonSet specifies the Beat should be deployed as a DaemonSet, + and allows providing its spec. Cannot be used along with `deployment`. + If both are absent a default for the Type is used. + properties: + updateStrategy: + description: DaemonSetUpdateStrategy is a struct used to control + the update strategy for a DaemonSet. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + type = "RollingUpdate". --- TODO: Update this to follow our + convention for oneOf, whatever we decide it to be. Same as + Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of DaemonSet pods that + can be unavailable during the update. Value can be an + absolute number (ex: 5) or a percentage of total number + of DaemonSet pods at the start of the update (ex: 10%). + Absolute number is calculated from percentage by rounding + up. This cannot be 0. Default value is 1. Example: when + this is set to 30%, at most 30% of the total number of + nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given + time. The update starts by stopping at most 30% of those + DaemonSet pods and then brings up new DaemonSet pods in + their place. Once the new pods are available, it then + proceeds onto other DaemonSet pods, thus ensuring that + at least 70% of original number of DaemonSet pods are + available at all times during the update.' + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" + or "OnDelete". Default is RollingUpdate. + type: string + type: object + type: object + deployment: + description: Deployment specifies the Beat should be deployed as a Deployment, + and allows providing its spec. Cannot be used along with `daemonSet`. + If both are absent a default for the Type is used. + properties: + replicas: + format: int32 + type: integer + strategy: + description: DeploymentStrategy describes how to replace existing + pods with new ones. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if + DeploymentStrategyType = RollingUpdate. --- TODO: Update this + to follow our convention for oneOf, whatever we decide it + to be.' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be scheduled + above the desired number of pods. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. Absolute number + is calculated from percentage by rounding up. Defaults + to 25%. Example: when this is set to 30%, the new ReplicaSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new pods do not + exceed 130% of desired pods. Once old pods have been killed, + new ReplicaSet can be scaled up further, ensuring that + total number of pods running at any time during the update + is at most 130% of desired pods.' + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired pods (ex: 10%). Absolute + number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: + when this is set to 30%, the old ReplicaSet can be scaled + down to 70% of desired pods immediately when the rolling + update starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling up the + new ReplicaSet, ensuring that the total number of pods + available at all times during the update is at least 70% + of desired pods.' + type: object + type: + description: Type of deployment. Can be "Recreate" or "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + type: object + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string + required: + - name + type: object + image: + description: Image is the Beat Docker image to deploy. Version and Type + have to match the Beat in the image. + type: string + kibanaRef: + description: KibanaRef is a reference to a Kibana instance running in + the same Kubernetes cluster. It allows automatic setup of dashboards + and visualizations. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string + required: + - name + type: object + secureSettings: + description: SecureSettings is a list of references to Kubernetes Secrets + containing sensitive configuration options for the Beat. Secrets data + can be then referenced in the Beat config using the Secret's keys + or as specified in `Entries` field of each SecureSetting. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key + to. Path must not be an absolute file path and must not + contain any ".." components. + type: string + required: + - key + type: object + type: array secretName: description: SecretName is the name of the secret. type: string - type: object - daemonSet: - description: DaemonSet specifies the Beat should be deployed as a - DaemonSet, and allows providing its spec. Cannot be used along with - `deployment`. If both are absent a default for the Type is used. - properties: - podTemplate: - description: PodTemplateSpec describes the data a pod should have - when created from a template - type: object - x-kubernetes-preserve-unknown-fields: true - updateStrategy: - description: DaemonSetUpdateStrategy is a struct used to control - the update strategy for a DaemonSet. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - type = "RollingUpdate". --- TODO: Update this to follow - our convention for oneOf, whatever we decide it to be. Same - as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: 'The maximum number of nodes with an existing - available DaemonSet pod that can have an updated DaemonSet - pod during during an update. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: - 10%). This can not be 0 if MaxUnavailable is 0. Absolute - number is calculated from percentage by rounding up - to a minimum of 1. Default value is 0. Example: when - this is set to 30%, at most 30% of the total number - of nodes that should be running the daemon pod (i.e. - status.desiredNumberScheduled) can have their a new - pod created before the old pod is marked as deleted. - The update starts by launching new pods on 30% of nodes. - Once an updated pod is available (Ready for at least - minReadySeconds) the old DaemonSet pod on that node - is marked deleted. If the old pod becomes unavailable - for any reason (Ready transitions to false, is evicted, - or is drained) an updated pod is immediatedly created - on that node without considering surge limits. Allowing - surge implies the possibility that the resources consumed - by the daemonset on any given node can double if the - readiness check fails, and so resource intensive daemonsets - should take into account that they may cause evictions - during disruption. This is beta field and enabled/disabled - by DaemonSetUpdateSurge feature gate.' - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of DaemonSet pods that - can be unavailable during the update. Value can be an - absolute number (ex: 5) or a percentage of total number - of DaemonSet pods at the start of the update (ex: 10%). - Absolute number is calculated from percentage by rounding - up. This cannot be 0 if MaxSurge is 0 Default value - is 1. Example: when this is set to 30%, at most 30% - of the total number of nodes that should be running - the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given - time. The update starts by stopping at most 30% of those - DaemonSet pods and then brings up new DaemonSet pods - in their place. Once the new pods are available, it - then proceeds onto other DaemonSet pods, thus ensuring - that at least 70% of original number of DaemonSet pods - are available at all times during the update.' - x-kubernetes-int-or-string: true - type: object - type: - description: Type of daemon set update. Can be "RollingUpdate" - or "OnDelete". Default is RollingUpdate. - type: string - type: object - type: object - deployment: - description: Deployment specifies the Beat should be deployed as a - Deployment, and allows providing its spec. Cannot be used along - with `daemonSet`. If both are absent a default for the Type is used. - properties: - podTemplate: - description: PodTemplateSpec describes the data a pod should have - when created from a template - type: object - x-kubernetes-preserve-unknown-fields: true - replicas: - format: int32 - type: integer - strategy: - description: DeploymentStrategy describes how to replace existing - pods with new ones. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - DeploymentStrategyType = RollingUpdate. --- TODO: Update - this to follow our convention for oneOf, whatever we decide - it to be.' - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be scheduled - above the desired number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: - 10%). This can not be 0 if MaxUnavailable is 0. Absolute - number is calculated from percentage by rounding up. - Defaults to 25%. Example: when this is set to 30%, the - new ReplicaSet can be scaled up immediately when the - rolling update starts, such that the total number of - old and new pods do not exceed 130% of desired pods. - Once old pods have been killed, new ReplicaSet can be - scaled up further, ensuring that total number of pods - running at any time during the update is at most 130% - of desired pods.' - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be unavailable - during the update. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). Absolute - number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. Defaults to 25%. - Example: when this is set to 30%, the old ReplicaSet - can be scaled down to 70% of desired pods immediately - when the rolling update starts. Once new pods are ready, - old ReplicaSet can be scaled down further, followed - by scaling up the new ReplicaSet, ensuring that the - total number of pods available at all times during the - update is at least 70% of desired pods.' - x-kubernetes-int-or-string: true - type: object - type: - description: Type of deployment. Can be "Recreate" or "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - type: object - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. - type: string - required: - - name - type: object - image: - description: Image is the Beat Docker image to deploy. Version and - Type have to match the Beat in the image. - type: string - kibanaRef: - description: KibanaRef is a reference to a Kibana instance running - in the same Kubernetes cluster. It allows automatic setup of dashboards - and visualizations. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. - type: string required: - - name + - secretName type: object - secureSettings: - description: SecureSettings is a list of references to Kubernetes - Secrets containing sensitive configuration options for the Beat. - Secrets data can be then referenced in the Beat config using the - Secret's keys or as specified in `Entries` field of each SecureSetting. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. - properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to Elasticsearch resource in a different namespace. Can - only be used if ECK is enforcing RBAC on references. - type: string - type: - description: Type is the type of the Beat to deploy (filebeat, metricbeat, - heartbeat, auditbeat, journalbeat, packetbeat, etc.). Any string - can be used, but well-known types will have the image field defaulted - and have the appropriate Elasticsearch roles created automatically. - It also allows for dashboard setup when combined with a `KibanaRef`. - maxLength: 20 - pattern: '[a-zA-Z0-9-]+' - type: string - version: - description: Version of the Beat. - type: string - required: - - type - - version - type: object - status: - description: BeatStatus defines the observed state of a Beat. - properties: - availableNodes: - format: int32 - type: integer - elasticsearchAssociationStatus: - description: AssociationStatus is the status of an association resource. - type: string - expectedNodes: - format: int32 - type: integer - health: - type: string - kibanaAssociationStatus: - description: AssociationStatus is the status of an association resource. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to Elasticsearch resource in a different namespace. Can only + be used if ECK is enforcing RBAC on references. + type: string + type: + description: Type is the type of the Beat to deploy (filebeat, metricbeat, + heartbeat, auditbeat, journalbeat, packetbeat, etc.). Any string can + be used, but well-known types will have the image field defaulted + and have the appropriate Elasticsearch roles created automatically. + It also allows for dashboard setup when combined with a `KibanaRef`. + maxLength: 20 + pattern: '[a-zA-Z0-9-]+' + type: string + version: + description: Version of the Beat. + type: string + required: + - type + - version + type: object + status: + description: BeatStatus defines the observed state of a Beat. + properties: + availableNodes: + format: int32 + type: integer + elasticsearchAssociationStatus: + description: AssociationStatus is the status of an association resource. + type: string + expectedNodes: + format: int32 + type: integer + health: + type: string + kibanaAssociationStatus: + description: AssociationStatus is the status of an association resource. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + version: v1beta1 + versions: + - name: v1beta1 served: true storage: true - subresources: - status: {} status: acceptedNames: kind: "" @@ -2344,14 +1255,34 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1 +# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.5.0 creationTimestamp: null + labels: + app.kubernetes.io/instance: 'elastic-operator' + app.kubernetes.io/name: 'eck-operator-crds' + app.kubernetes.io/version: '1.6.0' name: elasticmapsservers.maps.k8s.elastic.co spec: + additionalPrinterColumns: + - JSONPath: .status.health + name: health + type: string + - JSONPath: .status.availableNodes + description: Available nodes + name: nodes + type: integer + - JSONPath: .status.version + description: ElasticMapsServer version + name: version + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date group: maps.k8s.elastic.co names: categories: @@ -2363,550 +1294,485 @@ spec: - ems singular: elasticmapsserver scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - description: Available nodes - jsonPath: .status.availableNodes - name: nodes - type: integer - - description: ElasticMapsServer version - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: ElasticMapsServer represents an Elastic Map Server resource in - a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MapsSpec holds the specification of an Elastic Maps Server - instance. - properties: - config: - description: 'Config holds the ElasticMapsServer configuration. See: - https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#elastic-maps-server-configuration' - type: object - x-kubernetes-preserve-unknown-fields: true - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Elastic Maps Server configuration. Configuration - settings are merged and have precedence over settings specified - in `config`. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - count: - description: Count of Elastic Maps Server instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Elastic Maps - Server. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string + subresources: + status: {} + validation: + openAPIV3Schema: + description: ElasticMapsServer represents an Elastic Map Server resource in + a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MapsSpec holds the specification of an Elastic Maps Server + instance. + properties: + config: + description: 'Config holds the ElasticMapsServer configuration. See: + https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#elastic-maps-server-configuration' + type: object + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Elastic Maps Server configuration. Configuration + settings are merged and have precedence over settings specified in + `config`. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + description: Count of Elastic Maps Server instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Elastic Maps + Server. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and will + be ignored. + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts + will be automatically allocated for services with type + LoadBalancer. Default is "true". It may be set to "false" + if the cluster load-balancer does not rely on NodePorts. + allocateLoadBalancerNodePorts may only be set for services + with type LoadBalancer and will be cleared if the type + is changed to any other type. This field is alpha-level + and is only honored by servers that enable the ServiceLBNodePortControl + feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), and + is not in use, it will be allocated to the service; otherwise + creation of the service will fail. This field may not + be changed through updates unless the type field is also + being changed to ExternalName (which requires this field + to be blank) or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are "None", empty string + (""), or a valid IP address. Setting this to "None" makes + a "headless service" (no virtual IP), which is useful + when direct endpoint connections are preferred and proxying + is not required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. If + an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated + to the service; otherwise creation of the service will + fail. This field may not be changed through updates unless + the type field is also being changed to ExternalName (which + requires this field to be empty) or the type field is + being changed from ExternalName (in which case this field + may optionally be specified, as describe above). Valid + values are \"None\", empty string (\"\"), or a valid IP + address. Setting this to \"None\" makes a \"headless + service\" (no virtual IP), which is useful when direct + endpoint connections are preferred and proxying is not + required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + \ If this field is not specified, it will be initialized + from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have + the same value. \n Unless the \"IPv6DualStack\" feature + gate is enabled, this field is limited to one value, which + must be the same as the clusterIP field. If the feature + gate is enabled, this field may hold a maximum of two + entries (dual-stack IPs, in either order). These IPs + must correspond to the values of the ipFamilies field. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + externalIPs: + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this + service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will be + involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + and requires Type to be + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is set + to Local. If a value is specified, is in-range, and is + not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. + load-balancers) can use this port to determine if a given + node holds endpoints for this service or not. If this + field is specified when creating a Service which does + not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing + type). + format: int32 + type: integer + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service, and is gated by + the \"IPv6DualStack\" feature gate. This field is usually + assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" and + \"IPv6\". This field only applies to Services of types + ClusterIP, NodePort, and LoadBalancer, and does apply + to \"headless\" services. This field will be wiped when + updating a Service to type ExternalName. \n This field + may hold a maximum of two entries (dual-stack families, + in either order). These families must correspond to the + values of the clusterIPs field, if specified. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or + IPv6). This type is used to express the family of an + IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service, and is gated by + the "IPv6DualStack" feature gate. If there is no value + provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), "PreferDualStack" + (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend on + the value of this field. This field will be wiped when + updating a service to type ExternalName. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified in + this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be ignored + if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. This is + a beta field that is guarded by the ServiceAppProtocol + feature gate and enabled by default. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port + will be allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. This + field will be wiped when updating a Service to no + longer need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should be + omitted or set equal to the ''port'' field. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + required: + - port type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". - type: string - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." - items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. + type: array + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of + Client IP based session affinity. properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). format: int32 type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. + type: object + topologyKeys: + description: topologyKeys is a preference-order list of + topology keys which implementations of services should + use to preferentially sort endpoints when accessing this + Service, it can not be used at the same time as externalTrafficPolicy=Local. + Topology keys must be valid label keys and at most 16 + keys may be specified. Endpoints are chosen based on the + first topology key with available backends. If this field + is specified and all entries have no backends that match + the topology of the client, the service has no backends + for that client and connections should fail. The special + value "*" may be used to mean "any topology". This catch-all + value, if used, only makes sense as the last value in + the list. If this is not specified or empty, no topology + constraints will be applied. This field is alpha-level + and is only honored by servers that enable the ServiceTopology + feature. + items: + type: string + type: array + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object or EndpointSlice objects. If clusterIP is "None", + no virtual IP is allocated and the endpoints are published + as a set of endpoints rather than a virtual IP. "NodePort" + builds on ClusterIP and allocates a port on every node + which routes to the same endpoints as the clusterIP. "LoadBalancer" + builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the + same endpoints as the clusterIP. "ExternalName" aliases + this service to the specified externalName. Several other + fields do not apply to ExternalName services. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: \n + - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed + certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of + the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to + include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry + in a x509 certificate. properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). - format: int32 - type: integer - type: object + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the - self-signed certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning - of the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs - to include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN - entry in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Elastic Maps Server Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Elastic Maps - Server pods - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of Elastic Maps Server. - type: string - required: - - version - type: object - status: - description: MapsStatus defines the observed state of Elastic Maps Server - properties: - associationStatus: - description: AssociationStatus is the status of an association resource. - type: string - availableNodes: - description: AvailableNodes is the number of available replicas in - the deployment. - format: int32 - type: integer - count: - description: Count corresponds to Scale.Status.Replicas, which is - the actual number of observed instances of the scaled object. - format: int32 - type: integer - health: - description: Health of the deployment. - type: string - selector: - description: Selector is the label selector used to find all pods. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Elastic Maps Server Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Elastic Maps + Server pods + type: object + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Elastic Maps Server. + type: string + required: + - version + type: object + status: + description: MapsStatus defines the observed state of Elastic Maps Server + properties: + associationStatus: + description: AssociationStatus is the status of an association resource. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in the + deployment. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + version: v1alpha1 + versions: + - name: v1alpha1 served: true storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.count - statusReplicasPath: .status.count - status: {} status: acceptedNames: kind: "" @@ -2914,14 +1780,37 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1 +# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.5.0 creationTimestamp: null + labels: + app.kubernetes.io/instance: 'elastic-operator' + app.kubernetes.io/name: 'eck-operator-crds' + app.kubernetes.io/version: '1.6.0' name: elasticsearches.elasticsearch.k8s.elastic.co spec: + additionalPrinterColumns: + - JSONPath: .status.health + name: health + type: string + - JSONPath: .status.availableNodes + description: Available nodes + name: nodes + type: integer + - JSONPath: .status.version + description: Elasticsearch version + name: version + type: string + - JSONPath: .status.phase + name: phase + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date group: elasticsearch.k8s.elastic.co names: categories: @@ -2933,2576 +1822,1256 @@ spec: - es singular: elasticsearch scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - description: Available nodes - jsonPath: .status.availableNodes - name: nodes - type: integer - - description: Elasticsearch version - jsonPath: .status.version - name: version - type: string - - jsonPath: .status.phase - name: phase - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Elasticsearch represents an Elasticsearch resource in a Kubernetes - cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ElasticsearchSpec holds the specification of an Elasticsearch - cluster. - properties: - auth: - description: Auth contains user authentication and authorization security - settings for Elasticsearch. - properties: - fileRealm: - description: FileRealm to propagate to the Elasticsearch cluster. - items: - description: FileRealmSource references users to create in the - Elasticsearch cluster. + subresources: + status: {} + validation: + openAPIV3Schema: + description: Elasticsearch represents an Elasticsearch resource in a Kubernetes + cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ElasticsearchSpec holds the specification of an Elasticsearch + cluster. + properties: + auth: + description: Auth contains user authentication and authorization security + settings for Elasticsearch. + properties: + fileRealm: + description: FileRealm to propagate to the Elasticsearch cluster. + items: + description: FileRealmSource references users to create in the + Elasticsearch cluster. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + type: array + roles: + description: Roles to propagate to the Elasticsearch cluster. + items: + description: RoleSource references roles to create in the Elasticsearch + cluster. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + type: array + type: object + http: + description: HTTP holds HTTP layer settings for Elasticsearch. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and will + be ignored. + type: object + spec: + description: Spec is the specification of the service. properties: - secretName: - description: SecretName is the name of the secret. + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts + will be automatically allocated for services with type + LoadBalancer. Default is "true". It may be set to "false" + if the cluster load-balancer does not rely on NodePorts. + allocateLoadBalancerNodePorts may only be set for services + with type LoadBalancer and will be cleared if the type + is changed to any other type. This field is alpha-level + and is only honored by servers that enable the ServiceLBNodePortControl + feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), and + is not in use, it will be allocated to the service; otherwise + creation of the service will fail. This field may not + be changed through updates unless the type field is also + being changed to ExternalName (which requires this field + to be blank) or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are "None", empty string + (""), or a valid IP address. Setting this to "None" makes + a "headless service" (no virtual IP), which is useful + when direct endpoint connections are preferred and proxying + is not required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. If + an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated + to the service; otherwise creation of the service will + fail. This field may not be changed through updates unless + the type field is also being changed to ExternalName (which + requires this field to be empty) or the type field is + being changed from ExternalName (in which case this field + may optionally be specified, as describe above). Valid + values are \"None\", empty string (\"\"), or a valid IP + address. Setting this to \"None\" makes a \"headless + service\" (no virtual IP), which is useful when direct + endpoint connections are preferred and proxying is not + required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + \ If this field is not specified, it will be initialized + from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have + the same value. \n Unless the \"IPv6DualStack\" feature + gate is enabled, this field is limited to one value, which + must be the same as the clusterIP field. If the feature + gate is enabled, this field may hold a maximum of two + entries (dual-stack IPs, in either order). These IPs + must correspond to the values of the ipFamilies field. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + externalIPs: + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this + service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will be + involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + and requires Type to be + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is set + to Local. If a value is specified, is in-range, and is + not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. + load-balancers) can use this port to determine if a given + node holds endpoints for this service or not. If this + field is specified when creating a Service which does + not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing + type). + format: int32 + type: integer + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service, and is gated by + the \"IPv6DualStack\" feature gate. This field is usually + assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" and + \"IPv6\". This field only applies to Services of types + ClusterIP, NodePort, and LoadBalancer, and does apply + to \"headless\" services. This field will be wiped when + updating a Service to type ExternalName. \n This field + may hold a maximum of two entries (dual-stack families, + in either order). These families must correspond to the + values of the clusterIPs field, if specified. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or + IPv6). This type is used to express the family of an + IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service, and is gated by + the "IPv6DualStack" feature gate. If there is no value + provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), "PreferDualStack" + (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend on + the value of this field. This field will be wiped when + updating a service to type ExternalName. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified in + this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be ignored + if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. This is + a beta field that is guarded by the ServiceAppProtocol + feature gate and enabled by default. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port + will be allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. This + field will be wiped when updating a Service to no + longer need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should be + omitted or set equal to the ''port'' field. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + required: + - port + type: object + type: array + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of + Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + topologyKeys: + description: topologyKeys is a preference-order list of + topology keys which implementations of services should + use to preferentially sort endpoints when accessing this + Service, it can not be used at the same time as externalTrafficPolicy=Local. + Topology keys must be valid label keys and at most 16 + keys may be specified. Endpoints are chosen based on the + first topology key with available backends. If this field + is specified and all entries have no backends that match + the topology of the client, the service has no backends + for that client and connections should fail. The special + value "*" may be used to mean "any topology". This catch-all + value, if used, only makes sense as the last value in + the list. If this is not specified or empty, no topology + constraints will be applied. This field is alpha-level + and is only honored by servers that enable the ServiceTopology + feature. + items: + type: string + type: array + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object or EndpointSlice objects. If clusterIP is "None", + no virtual IP is allocated and the endpoints are published + as a set of endpoints rather than a virtual IP. "NodePort" + builds on ClusterIP and allocates a port on every node + which routes to the same endpoints as the clusterIP. "LoadBalancer" + builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the + same endpoints as the clusterIP. "ExternalName" aliases + this service to the specified externalName. Several other + fields do not apply to ExternalName services. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' type: string type: object - type: array - roles: - description: Roles to propagate to the Elasticsearch cluster. - items: - description: RoleSource references roles to create in the Elasticsearch - cluster. + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: \n + - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." properties: secretName: description: SecretName is the name of the secret. type: string type: object - type: array - type: object - http: - description: HTTP holds HTTP layer settings for Elasticsearch. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed + certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of + the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to + include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry + in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". - type: string - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." - items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. + type: array + type: object + type: object + type: object + image: + description: Image is the Elasticsearch Docker image to deploy. + type: string + nodeSets: + description: NodeSets allow specifying groups of Elasticsearch nodes + sharing the same configuration and Pod templates. + items: + description: NodeSet is the specification for a group of Elasticsearch + nodes sharing the same configuration and a Pod template. + properties: + config: + description: Config holds the Elasticsearch configuration. + type: object + count: + description: Count of Elasticsearch nodes to deploy. If the node + set is managed by an autoscaling policy the initial value is + automatically set by the autoscaling controller. + format: int32 + type: integer + name: + description: Name of this set of nodes. Becomes a part of the + Elasticsearch node.name setting. + maxLength: 23 + pattern: '[a-zA-Z0-9-]+' + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, + annotations, affinity rules, resource requests, and so on) for + the Pods belonging to this NodeSet. + type: object + volumeClaimTemplates: + description: VolumeClaimTemplates is a list of persistent volume + claims to be used by each Pod in this NodeSet. Every claim in + this list must have a matching volumeMount in one of the containers + defined in the PodTemplate. Items defined here take precedence + over any default claims added by the operator with the same + name. + items: + description: PersistentVolumeClaim is a user's request for and + claim to a persistent volume + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of + this representation of an object. Servers should convert + recognized schemas to the latest internal value, and may + reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of + a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) * An existing + custom resource that implements data population (Alpha) + In order to use custom resource types that implement + data population, the AnyVolumeDataSource feature gate + must be enabled. If the provisioner or an external + controller can support the specified data source, + it will create a new volume based on the contents + of the specified data source.' properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. + kind: + description: Kind is the type of resource being + referenced type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. + name: + description: Name is the name of resource being + referenced type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true required: - - port + - kind + - name type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). - format: int32 - type: integer - type: object - type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the - self-signed certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning - of the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs - to include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN - entry in a x509 certificate. + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Elasticsearch Docker image to deploy. - type: string - monitoring: - description: Monitoring enables you to collect and ship log and monitoring - data of this Elasticsearch cluster. See https://www.elastic.co/guide/en/elasticsearch/reference/current/monitor-elasticsearch-cluster.html. - Metricbeat and Filebeat are deployed in the same Pod as sidecars - and each one sends data to one or two different Elasticsearch monitoring - clusters running in the same Kubernetes cluster. - properties: - logs: - description: Logs holds references to Elasticsearch clusters which - receive log data from this Elasticsearch cluster. - properties: - elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of - monitoring Elasticsearch clusters running in the same Kubernetes - cluster. Due to existing limitations, only a single Elasticsearch - cluster is currently supported. - items: - description: ObjectSelector defines a reference to a Kubernetes - object. - properties: - name: - description: Name of the Kubernetes object. + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string - namespace: - description: Namespace of the Kubernetes object. If - empty, defaults to the current namespace. + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is implied + when not included in claim spec. type: string - serviceName: - description: ServiceName is the name of an existing - Kubernetes service which is used to make requests - to the referenced object. It has to be in the same - namespace as the referenced resource. If left empty, - the default HTTP service of the referenced resource - is used. + volumeName: + description: VolumeName is the binding reference to + the PersistentVolume backing this claim. type: string - required: - - name type: object - type: array - type: object - metrics: - description: Metrics holds references to Elasticsearch clusters - which receive monitoring data from this Elasticsearch cluster. - properties: - elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of - monitoring Elasticsearch clusters running in the same Kubernetes - cluster. Due to existing limitations, only a single Elasticsearch - cluster is currently supported. - items: - description: ObjectSelector defines a reference to a Kubernetes - object. + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If - empty, defaults to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing - Kubernetes service which is used to make requests - to the referenced object. It has to be in the same - namespace as the referenced resource. If left empty, - the default HTTP service of the referenced resource - is used. - type: string - required: - - name - type: object - type: array - type: object - type: object - nodeSets: - description: NodeSets allow specifying groups of Elasticsearch nodes - sharing the same configuration and Pod templates. - items: - description: NodeSet is the specification for a group of Elasticsearch - nodes sharing the same configuration and a Pod template. - properties: - config: - description: Config holds the Elasticsearch configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - count: - description: Count of Elasticsearch nodes to deploy. If the - node set is managed by an autoscaling policy the initial value - is automatically set by the autoscaling controller. - format: int32 - type: integer - name: - description: Name of this set of nodes. Becomes a part of the - Elasticsearch node.name setting. - maxLength: 23 - pattern: '[a-zA-Z0-9-]+' - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, - annotations, affinity rules, resource requests, and so on) - for the Pods belonging to this NodeSet. - type: object - x-kubernetes-preserve-unknown-fields: true - volumeClaimTemplates: - description: VolumeClaimTemplates is a list of persistent volume - claims to be used by each Pod in this NodeSet. Every claim - in this list must have a matching volumeMount in one of the - containers defined in the PodTemplate. Items defined here - take precedence over any default claims added by the operator - with the same name. - items: - description: PersistentVolumeClaim is a user's request for - and claim to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal value, - and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the - REST resource this object represents. Servers may infer - this from the endpoint the client submits requests to. - Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: + accessModes: + description: 'AccessModes contains the actual access + modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: type: string - namespace: - type: string - type: object - spec: - description: 'Spec defines the desired characteristics - of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'AccessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified data - source. If the AnyVolumeDataSource feature gate - is enabled, this field will always have the same - contents as the DataSourceRef field.' + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + description: Represents the actual resources of the + underlying volume. + type: object + conditions: + description: Current Condition of persistent volume + claim. If underlying persistent volume is being resized + then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails + details about state of pvc properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. + lastProbeTime: + description: Last time we probed the condition. + format: date-time type: string - kind: - description: Kind is the type of resource being - referenced + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time type: string - name: - description: Name is the name of resource being - referenced + message: + description: Human-readable message indicating + details about last transition. type: string - required: - - kind - - name - type: object - dataSourceRef: - description: 'Specifies the object from which to populate - the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the DataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value - automatically if one of them is empty and the other - is non-empty. There are two important differences - between DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef - allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, - and generates an error if a disallowed value is - specified. (Alpha) Using this field requires the - AnyVolumeDataSource feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason + for condition's last transition. If it reports + "ResizeStarted" that means the underlying persistent + volume is being resized. type: string - kind: - description: Kind is the type of resource being - referenced + status: type: string - name: - description: Name is the name of resource being - referenced + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type type: string required: - - kind - - name - type: object - resources: - description: 'Resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object + - status + - type type: object - selector: - description: A label query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - storageClassName: - description: 'Name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is - implied when not included in claim spec. + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: array + required: + - name + type: object + minItems: 1 + type: array + podDisruptionBudget: + description: PodDisruptionBudget provides access to the default pod + disruption budget for the Elasticsearch cluster. The default budget + selects all cluster pods and sets `maxUnavailable` to 1. To disable, + set `PodDisruptionBudget` to the empty value (`{}` in YAML). + properties: + metadata: + description: ObjectMeta is the metadata of the PDB. The name and + namespace provided here are managed by ECK and will be ignored. + type: object + spec: + description: Spec is the specification of the PDB. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at most "maxUnavailable" + pods selected by "selector" are unavailable after the eviction, + i.e. even in absence of the evicted pod. For example, one + can prevent all voluntary evictions by specifying 0. This + is a mutually exclusive setting with "minAvailable". + minAvailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at least "minAvailable" + pods selected by "selector" will still be available after + the eviction, i.e. even in the absence of the evicted pod. So + for example you can prevent all voluntary evictions by specifying + "100%". + selector: + description: Label query over pods whose evictions are managed + by the disruption budget. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. type: string - volumeName: - description: VolumeName is the binding reference to - the PersistentVolume backing this claim. + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. type: string - type: object - status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'AccessModes contains the actual access - modes the volume backing the PVC has. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. items: type: string type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: The storage resource within AllocatedResources - tracks the capacity allocated to a PVC. It may be - larger than the actual capacity when a volume expansion - operation is requested. For storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation. If a volume - expansion capacity request is lowered, allocatedResources - is only lowered if there are no expansion operations - in progress and if the actual volume capacity is - equal or lower than the requested capacity. This - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Represents the actual resources of the - underlying volume. - type: object - conditions: - description: Current Condition of persistent volume - claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails - details about state of pvc - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned - from one status to another. - format: date-time - type: string - message: - description: Human-readable message indicating - details about last transition. - type: string - reason: - description: Unique, this should be a short, - machine understandable string that gives the - reason for condition's last transition. If - it reports "ResizeStarted" that means the - underlying persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: Phase represents the current phase of - PersistentVolumeClaim. - type: string - resizeStatus: - description: ResizeStatus stores status of resize - operation. ResizeStatus is not set by default but - when expansion is complete resizeStatus is set to - empty string by resize controller or kubelet. This - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature. - type: string + required: + - key + - operator type: object - type: object - type: array - required: - - name + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object type: object - minItems: 1 - type: array - podDisruptionBudget: - description: PodDisruptionBudget provides access to the default pod - disruption budget for the Elasticsearch cluster. The default budget - selects all cluster pods and sets `maxUnavailable` to 1. To disable, - set `PodDisruptionBudget` to the empty value (`{}` in YAML). + type: object + remoteClusters: + description: RemoteClusters enables you to establish uni-directional + connections to a remote Elasticsearch cluster. + items: + description: RemoteCluster declares a remote Elasticsearch cluster + connection. properties: - metadata: - description: ObjectMeta is the metadata of the PDB. The name and - namespace provided here are managed by ECK and will be ignored. + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch + cluster running within the same k8s cluster. properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object name: + description: Name of the Kubernetes object. type: string namespace: + description: Namespace of the Kubernetes object. If empty, + defaults to the current namespace. type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes + service which will be used to make requests to the referenced + object. It has to be in the same namespace as the referenced + resource. If left empty the default HTTP service of the + referenced resource will be used. + type: string + required: + - name type: object - spec: - description: Spec is the specification of the PDB. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at most "maxUnavailable" - pods selected by "selector" are unavailable after the eviction, - i.e. even in absence of the evicted pod. For example, one - can prevent all voluntary evictions by specifying 0. This - is a mutually exclusive setting with "minAvailable". - x-kubernetes-int-or-string: true - minAvailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at least "minAvailable" - pods selected by "selector" will still be available after - the eviction, i.e. even in the absence of the evicted pod. So - for example you can prevent all voluntary evictions by specifying - "100%". - x-kubernetes-int-or-string: true - selector: - description: Label query over pods whose evictions are managed - by the disruption budget. A null selector selects no pods. - An empty selector ({}) also selects no pods, which differs - from standard behavior of selecting all pods. In policy/v1, - an empty selector will select all pods in the namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: object + name: + description: Name is the name of the remote cluster as it is set + in the Elasticsearch settings. The name is expected to be unique + for each remote clusters. + minLength: 1 + type: string + required: + - name + type: object + type: array + secureSettings: + description: SecureSettings is a list of references to Kubernetes secrets + containing sensitive configuration options for Elasticsearch. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. + properties: + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key + to. Path must not be an absolute file path and must not + contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName type: object - remoteClusters: - description: RemoteClusters enables you to establish uni-directional - connections to a remote Elasticsearch cluster. - items: - description: RemoteCluster declares a remote Elasticsearch cluster - connection. + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. a remote Elasticsearch cluster) in a different + namespace. Can only be used if ECK is enforcing RBAC on references. + type: string + transport: + description: Transport holds transport layer settings for Elasticsearch. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. properties: - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch - cluster running within the same k8s cluster. + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and will + be ignored. + type: object + spec: + description: Spec is the specification of the service. properties: - name: - description: Name of the Kubernetes object. + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts + will be automatically allocated for services with type + LoadBalancer. Default is "true". It may be set to "false" + if the cluster load-balancer does not rely on NodePorts. + allocateLoadBalancerNodePorts may only be set for services + with type LoadBalancer and will be cleared if the type + is changed to any other type. This field is alpha-level + and is only honored by servers that enable the ServiceLBNodePortControl + feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), and + is not in use, it will be allocated to the service; otherwise + creation of the service will fail. This field may not + be changed through updates unless the type field is also + being changed to ExternalName (which requires this field + to be blank) or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are "None", empty string + (""), or a valid IP address. Setting this to "None" makes + a "headless service" (no virtual IP), which is useful + when direct endpoint connections are preferred and proxying + is not required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' type: string - namespace: - description: Namespace of the Kubernetes object. If empty, - defaults to the current namespace. + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. If + an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated + to the service; otherwise creation of the service will + fail. This field may not be changed through updates unless + the type field is also being changed to ExternalName (which + requires this field to be empty) or the type field is + being changed from ExternalName (in which case this field + may optionally be specified, as describe above). Valid + values are \"None\", empty string (\"\"), or a valid IP + address. Setting this to \"None\" makes a \"headless + service\" (no virtual IP), which is useful when direct + endpoint connections are preferred and proxying is not + required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + \ If this field is not specified, it will be initialized + from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have + the same value. \n Unless the \"IPv6DualStack\" feature + gate is enabled, this field is limited to one value, which + must be the same as the clusterIP field. If the feature + gate is enabled, this field may hold a maximum of two + entries (dual-stack IPs, in either order). These IPs + must correspond to the values of the ipFamilies field. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + externalIPs: + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this + service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will be + involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + and requires Type to be type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced - object. It has to be in the same namespace as the referenced - resource. If left empty, the default HTTP service of the - referenced resource is used. + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is set + to Local. If a value is specified, is in-range, and is + not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. + load-balancers) can use this port to determine if a given + node holds endpoints for this service or not. If this + field is specified when creating a Service which does + not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing + type). + format: int32 + type: integer + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service, and is gated by + the \"IPv6DualStack\" feature gate. This field is usually + assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" and + \"IPv6\". This field only applies to Services of types + ClusterIP, NodePort, and LoadBalancer, and does apply + to \"headless\" services. This field will be wiped when + updating a Service to type ExternalName. \n This field + may hold a maximum of two entries (dual-stack families, + in either order). These families must correspond to the + values of the clusterIPs field, if specified. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or + IPv6). This type is used to express the family of an + IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service, and is gated by + the "IPv6DualStack" feature gate. If there is no value + provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), "PreferDualStack" + (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend on + the value of this field. This field will be wiped when + updating a service to type ExternalName. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified in + this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be ignored + if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. This is + a beta field that is guarded by the ServiceAppProtocol + feature gate and enabled by default. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port + will be allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. This + field will be wiped when updating a Service to no + longer need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should be + omitted or set equal to the ''port'' field. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + required: + - port + type: object + type: array + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of + Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + topologyKeys: + description: topologyKeys is a preference-order list of + topology keys which implementations of services should + use to preferentially sort endpoints when accessing this + Service, it can not be used at the same time as externalTrafficPolicy=Local. + Topology keys must be valid label keys and at most 16 + keys may be specified. Endpoints are chosen based on the + first topology key with available backends. If this field + is specified and all entries have no backends that match + the topology of the client, the service has no backends + for that client and connections should fail. The special + value "*" may be used to mean "any topology". This catch-all + value, if used, only makes sense as the last value in + the list. If this is not specified or empty, no topology + constraints will be applied. This field is alpha-level + and is only honored by servers that enable the ServiceTopology + feature. + items: + type: string + type: array + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object or EndpointSlice objects. If clusterIP is "None", + no virtual IP is allocated and the endpoints are published + as a set of endpoints rather than a virtual IP. "NodePort" + builds on ClusterIP and allocates a port on every node + which routes to the same endpoints as the clusterIP. "LoadBalancer" + builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the + same endpoints as the clusterIP. "ExternalName" aliases + this service to the specified externalName. Several other + fields do not apply to ExternalName services. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' type: string - required: - - name type: object - name: - description: Name is the name of the remote cluster as it is - set in the Elasticsearch settings. The name is expected to - be unique for each remote clusters. - minLength: 1 - type: string - required: - - name type: object - type: array - secureSettings: - description: SecureSettings is a list of references to Kubernetes - secrets containing sensitive configuration options for Elasticsearch. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + tls: + description: TLS defines options for configuring TLS on the transport + layer. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. a remote Elasticsearch cluster) in a - different namespace. Can only be used if ECK is enforcing RBAC on - references. - type: string - transport: - description: Transport holds transport layer settings for Elasticsearch. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". - type: string - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." - items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). - format: int32 - type: integer - type: object - type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS on the transport - layer. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the CA certificate and private key for generating - node certificates. The referenced secret should contain - the following: \n - `ca.crt`: The CA certificate in PEM - format. - `ca.key`: The private key for the CA certificate - in PEM format." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - otherNameSuffix: - description: 'OtherNameSuffix when defined will be prefixed - with the Pod name and used as the common name, and the first - DNSName, as well as an OtherName required by Elasticsearch - in the Subject Alternative Name extension of each Elasticsearch - node''s transport TLS certificate. Example: if set to "node.cluster.local", - the generated certificate will have its otherName set to - ".node.cluster.local".' - type: string - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated node transport TLS certificates. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string - type: object - type: array - type: object - type: object - updateStrategy: - description: UpdateStrategy specifies how updates to the cluster should - be performed. - properties: - changeBudget: - description: ChangeBudget defines the constraints to consider - when applying changes to the Elasticsearch cluster. - properties: - maxSurge: - description: MaxSurge is the maximum number of new pods that - can be created exceeding the original number of pods defined - in the specification. MaxSurge is only taken into consideration - when scaling up. Setting a negative value will disable the - restriction. Defaults to unbounded if not specified. - format: int32 - type: integer - maxUnavailable: - description: MaxUnavailable is the maximum number of pods - that can be unavailable (not ready) during the update due - to circumstances under the control of the operator. Setting - a negative value will disable this restriction. Defaults - to 1 if not specified. - format: int32 - type: integer - type: object - type: object - version: - description: Version of Elasticsearch. - type: string - volumeClaimDeletePolicy: - description: VolumeClaimDeletePolicy sets the policy for handling - deletion of PersistentVolumeClaims for all NodeSets. Possible values - are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion. - Defaults to DeleteOnScaledownAndClusterDeletion. - enum: - - DeleteOnScaledownOnly - - DeleteOnScaledownAndClusterDeletion - type: string - required: - - nodeSets - - version - type: object - status: - description: ElasticsearchStatus defines the observed state of Elasticsearch - properties: - availableNodes: - description: AvailableNodes is the number of available instances. - format: int32 - type: integer - health: - description: ElasticsearchHealth is the health of the cluster as returned - by the health API. - type: string - monitoringAssociationStatus: - additionalProperties: - description: AssociationStatus is the status of an association resource. - type: string - description: AssociationStatusMap is the map of association's namespaced - name string to its AssociationStatus. For resources that have a - single Association of a given type (for ex. single ES reference), - this map contains a single entry. - type: object - phase: - description: ElasticsearchOrchestrationPhase is the phase Elasticsearch - is in from the controller point of view. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - description: Available nodes - jsonPath: .status.availableNodes - name: nodes - type: integer - - description: Elasticsearch version - jsonPath: .spec.version - name: version - type: string - - jsonPath: .status.phase - name: phase - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Elasticsearch represents an Elasticsearch resource in a Kubernetes - cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ElasticsearchSpec holds the specification of an Elasticsearch - cluster. - properties: - http: - description: HTTP holds HTTP layer settings for Elasticsearch. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". - type: string - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." - items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). - format: int32 - type: integer - type: object - type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the - self-signed certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning - of the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs - to include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN - entry in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Elasticsearch Docker image to deploy. - type: string - nodeSets: - description: NodeSets allow specifying groups of Elasticsearch nodes - sharing the same configuration and Pod templates. - items: - description: NodeSet is the specification for a group of Elasticsearch - nodes sharing the same configuration and a Pod template. - properties: - config: - description: Config holds the Elasticsearch configuration. - type: object - count: - description: Count of Elasticsearch nodes to deploy. - format: int32 - minimum: 1 - type: integer - name: - description: Name of this set of nodes. Becomes a part of the - Elasticsearch node.name setting. - maxLength: 23 - pattern: '[a-zA-Z0-9-]+' - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, - annotations, affinity rules, resource requests, and so on) - for the Pods belonging to this NodeSet. + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the CA certificate and private key for generating + node certificates. The referenced secret should contain the + following: \n - `tls.crt`: The CA certificate in PEM format. + - `tls.key`: The private key for the CA certificate in PEM + format." + properties: + secretName: + description: SecretName is the name of the secret. + type: string type: object - volumeClaimTemplates: - description: VolumeClaimTemplates is a list of persistent volume - claims to be used by each Pod in this NodeSet. Every claim - in this list must have a matching volumeMount in one of the - containers defined in the PodTemplate. Items defined here - take precedence over any default claims added by the operator - with the same name. - items: - description: PersistentVolumeClaim is a user's request for - and claim to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal value, - and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the - REST resource this object represents. Servers may infer - this from the endpoint the client submits requests to. - Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: 'Spec defines the desired characteristics - of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'AccessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified data - source. If the AnyVolumeDataSource feature gate - is enabled, this field will always have the same - contents as the DataSourceRef field.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - dataSourceRef: - description: 'Specifies the object from which to populate - the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the DataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value - automatically if one of them is empty and the other - is non-empty. There are two important differences - between DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef - allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, - and generates an error if a disallowed value is - specified. (Alpha) Using this field requires the - AnyVolumeDataSource feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - resources: - description: 'Resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: A label query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - storageClassName: - description: 'Name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is - implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'AccessModes contains the actual access - modes the volume backing the PVC has. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: The storage resource within AllocatedResources - tracks the capacity allocated to a PVC. It may be - larger than the actual capacity when a volume expansion - operation is requested. For storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation. If a volume - expansion capacity request is lowered, allocatedResources - is only lowered if there are no expansion operations - in progress and if the actual volume capacity is - equal or lower than the requested capacity. This - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Represents the actual resources of the - underlying volume. - type: object - conditions: - description: Current Condition of persistent volume - claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails - details about state of pvc - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned - from one status to another. - format: date-time - type: string - message: - description: Human-readable message indicating - details about last transition. - type: string - reason: - description: Unique, this should be a short, - machine understandable string that gives the - reason for condition's last transition. If - it reports "ResizeStarted" that means the - underlying persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: Phase represents the current phase of - PersistentVolumeClaim. - type: string - resizeStatus: - description: ResizeStatus stores status of resize - operation. ResizeStatus is not set by default but - when expansion is complete resizeStatus is set to - empty string by resize controller or kubelet. This - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature. - type: string - type: object - type: object - type: array - required: - - count - - name type: object - minItems: 1 - type: array - podDisruptionBudget: - description: PodDisruptionBudget provides access to the default pod - disruption budget for the Elasticsearch cluster. The default budget - selects all cluster pods and sets `maxUnavailable` to 1. To disable, - set `PodDisruptionBudget` to the empty value (`{}` in YAML). - properties: - metadata: - description: ObjectMeta is the metadata of the PDB. The name and - namespace provided here are managed by ECK and will be ignored. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec is the specification of the PDB. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at most "maxUnavailable" - pods selected by "selector" are unavailable after the eviction, - i.e. even in absence of the evicted pod. For example, one - can prevent all voluntary evictions by specifying 0. This - is a mutually exclusive setting with "minAvailable". - x-kubernetes-int-or-string: true - minAvailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at least "minAvailable" - pods selected by "selector" will still be available after - the eviction, i.e. even in the absence of the evicted pod. So - for example you can prevent all voluntary evictions by specifying - "100%". - x-kubernetes-int-or-string: true - selector: - description: Label query over pods whose evictions are managed - by the disruption budget. A null selector selects no pods. - An empty selector ({}) also selects no pods, which differs - from standard behavior of selecting all pods. In policy/v1, - an empty selector will select all pods in the namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: object - type: object - secureSettings: - description: SecureSettings is a list of references to Kubernetes - secrets containing sensitive configuration options for Elasticsearch. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + type: object + updateStrategy: + description: UpdateStrategy specifies how updates to the cluster should + be performed. + properties: + changeBudget: + description: ChangeBudget defines the constraints to consider when + applying changes to the Elasticsearch cluster. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. - type: string - required: - - secretName + maxSurge: + description: MaxSurge is the maximum number of new pods that + can be created exceeding the original number of pods defined + in the specification. MaxSurge is only taken into consideration + when scaling up. Setting a negative value will disable the + restriction. Defaults to unbounded if not specified. + format: int32 + type: integer + maxUnavailable: + description: MaxUnavailable is the maximum number of pods that + can be unavailable (not ready) during the update due to circumstances + under the control of the operator. Setting a negative value + will disable this restriction. Defaults to 1 if not specified. + format: int32 + type: integer type: object - type: array - updateStrategy: - description: UpdateStrategy specifies how updates to the cluster should - be performed. - properties: - changeBudget: - description: ChangeBudget defines the constraints to consider - when applying changes to the Elasticsearch cluster. - properties: - maxSurge: - description: MaxSurge is the maximum number of new pods that - can be created exceeding the original number of pods defined - in the specification. MaxSurge is only taken into consideration - when scaling up. Setting a negative value will disable the - restriction. Defaults to unbounded if not specified. - format: int32 - type: integer - maxUnavailable: - description: MaxUnavailable is the maximum number of pods - that can be unavailable (not ready) during the update due - to circumstances under the control of the operator. Setting - a negative value will disable this restriction. Defaults - to 1 if not specified. - format: int32 - type: integer - type: object - type: object - version: - description: Version of Elasticsearch. - type: string - required: - - nodeSets - type: object - status: - description: ElasticsearchStatus defines the observed state of Elasticsearch - properties: - availableNodes: - format: int32 - type: integer - health: - description: ElasticsearchHealth is the health of the cluster as returned - by the health API. - type: string - phase: - description: ElasticsearchOrchestrationPhase is the phase Elasticsearch - is in from the controller point of view. - type: string - type: object - type: object + type: object + version: + description: Version of Elasticsearch. + type: string + volumeClaimDeletePolicy: + description: VolumeClaimDeletePolicy sets the policy for handling deletion + of PersistentVolumeClaims for all NodeSets. Possible values are DeleteOnScaledownOnly + and DeleteOnScaledownAndClusterDeletion. Defaults to DeleteOnScaledownAndClusterDeletion. + enum: + - DeleteOnScaledownOnly + - DeleteOnScaledownAndClusterDeletion + type: string + required: + - nodeSets + - version + type: object + status: + description: ElasticsearchStatus defines the observed state of Elasticsearch + properties: + availableNodes: + description: AvailableNodes is the number of available instances. + format: int32 + type: integer + health: + description: ElasticsearchHealth is the health of the cluster as returned + by the health API. + type: string + phase: + description: ElasticsearchOrchestrationPhase is the phase Elasticsearch + is in from the controller point of view. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1beta1 served: true storage: false - subresources: - status: {} - name: v1alpha1 - schema: - openAPIV3Schema: - description: to not break compatibility when upgrading from previous versions - of the CRD - type: object served: false storage: false status: @@ -5512,14 +3081,34 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1 +# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.5.0 creationTimestamp: null + labels: + app.kubernetes.io/instance: 'elastic-operator' + app.kubernetes.io/name: 'eck-operator-crds' + app.kubernetes.io/version: '1.6.0' name: enterprisesearches.enterprisesearch.k8s.elastic.co spec: + additionalPrinterColumns: + - JSONPath: .status.health + name: health + type: string + - JSONPath: .status.availableNodes + description: Available nodes + name: nodes + type: integer + - JSONPath: .status.version + description: Enterprise Search version + name: version + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date group: enterprisesearch.k8s.elastic.co names: categories: @@ -5531,1093 +3120,489 @@ spec: - ent singular: enterprisesearch scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - description: Available nodes - jsonPath: .status.availableNodes - name: nodes - type: integer - - description: Enterprise Search version - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1 - schema: - openAPIV3Schema: - description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise - Search. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: EnterpriseSearchSpec holds the specification of an Enterprise - Search resource. - properties: - config: - description: Config holds the Enterprise Search configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Enterprise Search configuration. Configuration - settings are merged and have precedence over settings specified - in `config`. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - count: - description: Count of Enterprise Search instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to the Elasticsearch - cluster running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Enterprise - Search resource. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". - type: string - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." - items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. + subresources: + status: {} + validation: + openAPIV3Schema: + description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise Search. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EnterpriseSearchSpec holds the specification of an Enterprise + Search resource. + properties: + config: + description: Config holds the Enterprise Search configuration. + type: object + configRef: + description: ConfigRef contains a reference to an existing Kubernetes + Secret holding the Enterprise Search configuration. Configuration + settings are merged and have precedence over settings specified in + `config`. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + description: Count of Enterprise Search instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the Elasticsearch cluster + running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Enterprise + Search resource. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and will + be ignored. + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts + will be automatically allocated for services with type + LoadBalancer. Default is "true". It may be set to "false" + if the cluster load-balancer does not rely on NodePorts. + allocateLoadBalancerNodePorts may only be set for services + with type LoadBalancer and will be cleared if the type + is changed to any other type. This field is alpha-level + and is only honored by servers that enable the ServiceLBNodePortControl + feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), and + is not in use, it will be allocated to the service; otherwise + creation of the service will fail. This field may not + be changed through updates unless the type field is also + being changed to ExternalName (which requires this field + to be blank) or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are "None", empty string + (""), or a valid IP address. Setting this to "None" makes + a "headless service" (no virtual IP), which is useful + when direct endpoint connections are preferred and proxying + is not required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. If + an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated + to the service; otherwise creation of the service will + fail. This field may not be changed through updates unless + the type field is also being changed to ExternalName (which + requires this field to be empty) or the type field is + being changed from ExternalName (in which case this field + may optionally be specified, as describe above). Valid + values are \"None\", empty string (\"\"), or a valid IP + address. Setting this to \"None\" makes a \"headless + service\" (no virtual IP), which is useful when direct + endpoint connections are preferred and proxying is not + required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + \ If this field is not specified, it will be initialized + from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have + the same value. \n Unless the \"IPv6DualStack\" feature + gate is enabled, this field is limited to one value, which + must be the same as the clusterIP field. If the feature + gate is enabled, this field may hold a maximum of two + entries (dual-stack IPs, in either order). These IPs + must correspond to the values of the ipFamilies field. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + externalIPs: + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this + service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will be + involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + and requires Type to be + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is set + to Local. If a value is specified, is in-range, and is + not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. + load-balancers) can use this port to determine if a given + node holds endpoints for this service or not. If this + field is specified when creating a Service which does + not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing + type). + format: int32 + type: integer + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service, and is gated by + the \"IPv6DualStack\" feature gate. This field is usually + assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" and + \"IPv6\". This field only applies to Services of types + ClusterIP, NodePort, and LoadBalancer, and does apply + to \"headless\" services. This field will be wiped when + updating a Service to type ExternalName. \n This field + may hold a maximum of two entries (dual-stack families, + in either order). These families must correspond to the + values of the clusterIPs field, if specified. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or + IPv6). This type is used to express the family of an + IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service, and is gated by + the "IPv6DualStack" feature gate. If there is no value + provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), "PreferDualStack" + (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend on + the value of this field. This field will be wiped when + updating a service to type ExternalName. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified in + this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be ignored + if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). - format: int32 - type: integer - type: object - type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the - self-signed certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning - of the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs - to include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN - entry in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Enterprise Search Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Enterprise - Search pods. - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of Enterprise Search. - type: string - type: object - status: - description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch - properties: - associationStatus: - description: Association is the status of any auto-linking to Elasticsearch - clusters. - type: string - availableNodes: - description: AvailableNodes is the number of available replicas in - the deployment. - format: int32 - type: integer - count: - description: Count corresponds to Scale.Status.Replicas, which is - the actual number of observed instances of the scaled object. - format: int32 - type: integer - health: - description: Health of the deployment. - type: string - selector: - description: Selector is the label selector used to find all pods. - type: string - service: - description: ExternalService is the name of the service associated - to the Enterprise Search Pods. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.count - statusReplicasPath: .status.count - status: {} - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - description: Available nodes - jsonPath: .status.availableNodes - name: nodes - type: integer - - description: Enterprise Search version - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise - Search. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: EnterpriseSearchSpec holds the specification of an Enterprise - Search resource. - properties: - config: - description: Config holds the Enterprise Search configuration. - type: object - x-kubernetes-preserve-unknown-fields: true - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Enterprise Search configuration. Configuration - settings are merged and have precedence over settings specified - in `config`. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - count: - description: Count of Enterprise Search instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to the Elasticsearch - cluster running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Enterprise - Search resource. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. This is + a beta field that is guarded by the ServiceAppProtocol + feature gate and enabled by default. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port + will be allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. This + field will be wiped when updating a Service to no + longer need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should be + omitted or set equal to the ''port'' field. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + required: + - port type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". - type: string - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." - items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. + type: array + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of + Client IP based session affinity. properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). format: int32 type: integer - protocol: - default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). - format: int32 - type: integer - type: object - type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the - self-signed certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning - of the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs - to include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN - entry in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Enterprise Search Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Enterprise - Search pods. - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of Enterprise Search. - type: string - type: object - status: - description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch - properties: - associationStatus: - description: Association is the status of any auto-linking to Elasticsearch - clusters. - type: string - availableNodes: - description: AvailableNodes is the number of available replicas in - the deployment. - format: int32 - type: integer - count: - description: Count corresponds to Scale.Status.Replicas, which is - the actual number of observed instances of the scaled object. - format: int32 - type: integer - health: - description: Health of the deployment. - type: string - selector: - description: Selector is the label selector used to find all pods. - type: string - service: - description: ExternalService is the name of the service associated - to the Enterprise Search Pods. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - type: object + type: object + topologyKeys: + description: topologyKeys is a preference-order list of + topology keys which implementations of services should + use to preferentially sort endpoints when accessing this + Service, it can not be used at the same time as externalTrafficPolicy=Local. + Topology keys must be valid label keys and at most 16 + keys may be specified. Endpoints are chosen based on the + first topology key with available backends. If this field + is specified and all entries have no backends that match + the topology of the client, the service has no backends + for that client and connections should fail. The special + value "*" may be used to mean "any topology". This catch-all + value, if used, only makes sense as the last value in + the list. If this is not specified or empty, no topology + constraints will be applied. This field is alpha-level + and is only honored by servers that enable the ServiceTopology + feature. + items: + type: string + type: array + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object or EndpointSlice objects. If clusterIP is "None", + no virtual IP is allocated and the endpoints are published + as a set of endpoints rather than a virtual IP. "NodePort" + builds on ClusterIP and allocates a port on every node + which routes to the same endpoints as the clusterIP. "LoadBalancer" + builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the + same endpoints as the clusterIP. "ExternalName" aliases + this service to the specified externalName. Several other + fields do not apply to ExternalName services. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: \n + - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed + certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of + the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to + include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry + in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Enterprise Search Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Enterprise Search + pods. + type: object + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Enterprise Search. + type: string + type: object + status: + description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch + properties: + associationStatus: + description: Association is the status of any auto-linking to Elasticsearch + clusters. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in the + deployment. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + service: + description: ExternalService is the name of the service associated to + the Enterprise Search Pods. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1beta1 served: true storage: false - subresources: - status: {} status: acceptedNames: kind: "" @@ -6625,14 +3610,34 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1 +# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.5.0 creationTimestamp: null + labels: + app.kubernetes.io/instance: 'elastic-operator' + app.kubernetes.io/name: 'eck-operator-crds' + app.kubernetes.io/version: '1.6.0' name: kibanas.kibana.k8s.elastic.co spec: + additionalPrinterColumns: + - JSONPath: .status.health + name: health + type: string + - JSONPath: .status.availableNodes + description: Available nodes + name: nodes + type: integer + - JSONPath: .status.version + description: Kibana version + name: version + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date group: kibana.k8s.elastic.co names: categories: @@ -6644,1221 +3649,510 @@ spec: - kb singular: kibana scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - description: Available nodes - jsonPath: .status.availableNodes - name: nodes - type: integer - - description: Kibana version - jsonPath: .status.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Kibana represents a Kibana resource in a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KibanaSpec holds the specification of a Kibana instance. - properties: - config: - description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' - type: object - x-kubernetes-preserve-unknown-fields: true - count: - description: Count of Kibana instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. - type: string - required: - - name - type: object - enterpriseSearchRef: - description: EnterpriseSearchRef is a reference to an EnterpriseSearch - running in the same Kubernetes cluster. Kibana provides the default - Enterprise Search UI starting version 7.14. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which is used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty, the default HTTP service of the referenced resource - is used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Kibana. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string + subresources: + status: {} + validation: + openAPIV3Schema: + description: Kibana represents a Kibana resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KibanaSpec holds the specification of a Kibana instance. + properties: + config: + description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' + type: object + count: + description: Count of Kibana instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster + running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults + to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service + which will be used to make requests to the referenced object. + It has to be in the same namespace as the referenced resource. + If left empty the default HTTP service of the referenced resource + will be used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Kibana. + properties: + service: + description: Service defines the template for the associated Kubernetes + Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The + name and namespace provided here are managed by ECK and will + be ignored. + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts + will be automatically allocated for services with type + LoadBalancer. Default is "true". It may be set to "false" + if the cluster load-balancer does not rely on NodePorts. + allocateLoadBalancerNodePorts may only be set for services + with type LoadBalancer and will be cleared if the type + is changed to any other type. This field is alpha-level + and is only honored by servers that enable the ServiceLBNodePortControl + feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), and + is not in use, it will be allocated to the service; otherwise + creation of the service will fail. This field may not + be changed through updates unless the type field is also + being changed to ExternalName (which requires this field + to be blank) or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are "None", empty string + (""), or a valid IP address. Setting this to "None" makes + a "headless service" (no virtual IP), which is useful + when direct endpoint connections are preferred and proxying + is not required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. If + an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated + to the service; otherwise creation of the service will + fail. This field may not be changed through updates unless + the type field is also being changed to ExternalName (which + requires this field to be empty) or the type field is + being changed from ExternalName (in which case this field + may optionally be specified, as describe above). Valid + values are \"None\", empty string (\"\"), or a valid IP + address. Setting this to \"None\" makes a \"headless + service\" (no virtual IP), which is useful when direct + endpoint connections are preferred and proxying is not + required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + \ If this field is not specified, it will be initialized + from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have + the same value. \n Unless the \"IPv6DualStack\" feature + gate is enabled, this field is limited to one value, which + must be the same as the clusterIP field. If the feature + gate is enabled, this field may hold a maximum of two + entries (dual-stack IPs, in either order). These IPs + must correspond to the values of the ipFamilies field. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + externalIPs: + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this + service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will be + involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + and requires Type to be + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service + desires to route external traffic to node-local or cluster-wide + endpoints. "Local" preserves the client source IP and + avoids a second hop for LoadBalancer and Nodeport type + services, but risks potentially imbalanced traffic spreading. + "Cluster" obscures the client source IP and may cause + a second hop to another node, but should have good overall + load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is set + to Local. If a value is specified, is in-range, and is + not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. + load-balancers) can use this port to determine if a given + node holds endpoints for this service or not. If this + field is specified when creating a Service which does + not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing + type). + format: int32 + type: integer + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service, and is gated by + the \"IPv6DualStack\" feature gate. This field is usually + assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" and + \"IPv6\". This field only applies to Services of types + ClusterIP, NodePort, and LoadBalancer, and does apply + to \"headless\" services. This field will be wiped when + updating a Service to type ExternalName. \n This field + may hold a maximum of two entries (dual-stack families, + in either order). These families must correspond to the + values of the clusterIPs field, if specified. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or + IPv6). This type is used to express the family of an + IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service, and is gated by + the "IPv6DualStack" feature gate. If there is no value + provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), "PreferDualStack" + (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend on + the value of this field. This field will be wiped when + updating a service to type ExternalName. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer + LoadBalancer will get created with the IP specified in + this field. This feature depends on whether the underlying + cloud-provider supports specifying the loadBalancerIP + when a load balancer is created. This field will be ignored + if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. This is + a beta field that is guarded by the ServiceAppProtocol + feature gate and enabled by default. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port + will be allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. This + field will be wiped when updating a Service to no + longer need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should be + omitted or set equal to the ''port'' field. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + required: + - port type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". - type: string - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." - items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. + type: array + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of + Client IP based session affinity. properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). format: int32 type: integer - protocol: - default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). - format: int32 - type: integer - type: object - type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the - self-signed certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning - of the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs - to include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN - entry in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Kibana Docker image to deploy. - type: string - monitoring: - description: Monitoring enables you to collect and ship log and monitoring - data of this Kibana. See https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html. - Metricbeat and Filebeat are deployed in the same Pod as sidecars - and each one sends data to one or two different Elasticsearch monitoring - clusters running in the same Kubernetes cluster. - properties: - logs: - description: Logs holds references to Elasticsearch clusters which - will receive log data from this Kibana. - properties: - elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of - monitoring Elasticsearch clusters running in the same Kubernetes - cluster. Due to existing limitations, only a single Elasticsearch - cluster is currently supported. - items: - description: ObjectSelector defines a reference to a Kubernetes - object. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If - empty, defaults to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing - Kubernetes service which is used to make requests - to the referenced object. It has to be in the same - namespace as the referenced resource. If left empty, - the default HTTP service of the referenced resource - is used. - type: string - required: - - name type: object - type: array - type: object - metrics: - description: Metrics holds references to Elasticsearch clusters - which will receive monitoring data from this Kibana. - properties: - elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of - monitoring Elasticsearch clusters running in the same Kubernetes - cluster. Due to existing limitations, only a single Elasticsearch - cluster is currently supported. - items: - description: ObjectSelector defines a reference to a Kubernetes - object. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If - empty, defaults to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing - Kubernetes service which is used to make requests - to the referenced object. It has to be in the same - namespace as the referenced resource. If left empty, - the default HTTP service of the referenced resource - is used. - type: string - required: - - name - type: object - type: array - type: object - type: object - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Kibana pods - type: object - x-kubernetes-preserve-unknown-fields: true - secureSettings: - description: SecureSettings is a list of references to Kubernetes - secrets containing sensitive configuration options for Kibana. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + topologyKeys: + description: topologyKeys is a preference-order list of + topology keys which implementations of services should + use to preferentially sort endpoints when accessing this + Service, it can not be used at the same time as externalTrafficPolicy=Local. + Topology keys must be valid label keys and at most 16 + keys may be specified. Endpoints are chosen based on the + first topology key with available backends. If this field + is specified and all entries have no backends that match + the topology of the client, the service has no backends + for that client and connections should fail. The special + value "*" may be used to mean "any topology". This catch-all + value, if used, only makes sense as the last value in + the list. If this is not specified or empty, no topology + constraints will be applied. This field is alpha-level + and is only honored by servers that enable the ServiceTopology + feature. + items: + type: string + type: array + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object or EndpointSlice objects. If clusterIP is "None", + no virtual IP is allocated and the endpoints are published + as a set of endpoints rather than a virtual IP. "NodePort" + builds on ClusterIP and allocates a port on every node + which routes to the same endpoints as the clusterIP. "LoadBalancer" + builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the + same endpoints as the clusterIP. "ExternalName" aliases + this service to the specified externalName. Several other + fields do not apply to ExternalName services. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. - type: string - required: - - secretName + certificate: + description: "Certificate is a reference to a Kubernetes secret + that contains the certificate and private key for enabling + TLS. The referenced secret should contain the following: \n + - `ca.crt`: The certificate authority (optional). - `tls.crt`: + The certificate (or a chain). - `tls.key`: The private key + to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed + certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of + the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to + include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry + in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of Kibana. - type: string - required: - - version - type: object - status: - description: KibanaStatus defines the observed state of Kibana - properties: - associationStatus: - description: AssociationStatus is the status of any auto-linking to - Elasticsearch clusters. This field is deprecated and will be removed - in a future release. Use ElasticsearchAssociationStatus instead. - type: string - availableNodes: - description: AvailableNodes is the number of available replicas in - the deployment. - format: int32 - type: integer - count: - description: Count corresponds to Scale.Status.Replicas, which is - the actual number of observed instances of the scaled object. - format: int32 - type: integer - elasticsearchAssociationStatus: - description: ElasticsearchAssociationStatus is the status of any auto-linking - to Elasticsearch clusters. - type: string - enterpriseSearchAssociationStatus: - description: EnterpriseSearchAssociationStatus is the status of any - auto-linking to Enterprise Search. - type: string - health: - description: Health of the deployment. - type: string - monitoringAssociationStatus: - additionalProperties: - description: AssociationStatus is the status of an association resource. - type: string - description: MonitoringAssociationStatus is the status of any auto-linking - to monitoring Elasticsearch clusters. - type: object - selector: - description: Selector is the label selector used to find all pods. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.count - statusReplicasPath: .status.count - status: {} - - additionalPrinterColumns: - - jsonPath: .status.health - name: health - type: string - - description: Available nodes - jsonPath: .status.availableNodes - name: nodes - type: integer - - description: Kibana version - jsonPath: .spec.version - name: version - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Kibana represents a Kibana resource in a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KibanaSpec holds the specification of a Kibana instance. - properties: - config: - description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' - type: object - x-kubernetes-preserve-unknown-fields: true - count: - description: Count of Kibana instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch cluster - running in the same Kubernetes cluster. + type: object + image: + description: Image is the Kibana Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, + affinity rules, resource requests, and so on) for the Kibana pods + type: object + secureSettings: + description: SecureSettings is a list of references to Kubernetes secrets + containing sensitive configuration options for Kibana. + items: + description: SecretSource defines a data source based on a Kubernetes + Secret. properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. + entries: + description: Entries define how to project each key-value pair + in the secret to filesystem paths. If not defined, all keys + will be projected to similarly named paths in the filesystem. + If defined, only the specified keys will be projected to the + corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret + object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key + to. Path must not be an absolute file path and must not + contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. type: string required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Kibana. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and - will be ignored. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy specifies if the cluster - internal traffic should be routed to all endpoints or - node-local endpoints only. "Cluster" routes internal - traffic to a Service to all endpoints. "Local" routes - traffic to node-local endpoints only, traffic is dropped - if no node-local endpoints are ready. The default value - is "Cluster". - type: string - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. \n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." - items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. - This field will be wiped when updating a service to - type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a - port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation will - fail. This field will be wiped when updating a - Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a - named port in the target Pod''s container ports. - If this is not specified, the value of the ''port'' - field is used (an identity map). This field is - ignored for services with clusterIP=None, and - should be omitted or set equal to the ''port'' - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty or - not present, the service is assumed to have an external - process managing its endpoints, which Kubernetes will - not modify. Only applies to types ClusterIP, NodePort, - and LoadBalancer. Ignored if type is ExternalName. More - info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). - format: int32 - type: integer - type: object - type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: - \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the - self-signed certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning - of the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs - to include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN - entry in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Kibana Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Kibana pods + - secretName type: object - x-kubernetes-preserve-unknown-fields: true - secureSettings: - description: SecureSettings is a list of references to Kubernetes - secrets containing sensitive configuration options for Kibana. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. - properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the - key to. Path must not be an absolute file path and must - not contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. - type: string - required: - - secretName - type: object - type: array - version: - description: Version of Kibana. - type: string - type: object - status: - description: KibanaStatus defines the observed state of Kibana - properties: - associationStatus: - description: AssociationStatus is the status of an association resource. - type: string - availableNodes: - format: int32 - type: integer - health: - description: KibanaHealth expresses the status of the Kibana instances. - type: string - type: object - type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current + resource to a resource (eg. Elasticsearch) in a different namespace. + Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Kibana. + type: string + required: + - version + type: object + status: + description: KibanaStatus defines the observed state of Kibana + properties: + associationStatus: + description: AssociationStatus is the status of an association resource. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in the + deployment. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + version: + description: 'Version of the stack resource currently running. During + version upgrades, multiple versions may run in parallel: this value + specifies the lowest version currently running.' + type: string + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1beta1 served: true storage: false - subresources: - status: {} - name: v1alpha1 - schema: - openAPIV3Schema: - description: to not break compatibility when upgrading from previous versions - of the CRD - type: object served: false storage: false status: @@ -7866,4 +4160,552 @@ status: kind: "" plural: "" conditions: [] - storedVersions: [] \ No newline at end of file + storedVersions: [] +--- +# Source: eck-operator/templates/cluster-roles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: elastic-operator + labels: + control-plane: elastic-operator + app.kubernetes.io/version: "1.6.0" +rules: +- apiGroups: + - "authorization.k8s.io" + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - "" + resources: + - pods + - endpoints + - events + - persistentvolumeclaims + - secrets + - services + - configmaps + - serviceaccounts + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - deployments + - statefulsets + - daemonsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - elasticsearch.k8s.elastic.co + resources: + - elasticsearches + - elasticsearches/status + - elasticsearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP + - enterpriselicenses + - enterpriselicenses/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - kibana.k8s.elastic.co + resources: + - kibanas + - kibanas/status + - kibanas/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apm.k8s.elastic.co + resources: + - apmservers + - apmservers/status + - apmservers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - enterprisesearch.k8s.elastic.co + resources: + - enterprisesearches + - enterprisesearches/status + - enterprisesearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - beat.k8s.elastic.co + resources: + - beats + - beats/status + - beats/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - agent.k8s.elastic.co + resources: + - agents + - agents/status + - agents/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - maps.k8s.elastic.co + resources: + - elasticmapsservers + - elasticmapsservers/status + - elasticmapsservers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +# Source: eck-operator/templates/cluster-roles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "elastic-operator-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" + control-plane: elastic-operator + app.kubernetes.io/version: "1.6.0" +rules: +- apiGroups: ["elasticsearch.k8s.elastic.co"] + resources: ["elasticsearches"] + verbs: ["get", "list", "watch"] +- apiGroups: ["apm.k8s.elastic.co"] + resources: ["apmservers"] + verbs: ["get", "list", "watch"] +- apiGroups: ["kibana.k8s.elastic.co"] + resources: ["kibanas"] + verbs: ["get", "list", "watch"] +- apiGroups: ["enterprisesearch.k8s.elastic.co"] + resources: ["enterprisesearches"] + verbs: ["get", "list", "watch"] +- apiGroups: ["beat.k8s.elastic.co"] + resources: ["beats"] + verbs: ["get", "list", "watch"] +- apiGroups: ["agent.k8s.elastic.co"] + resources: ["agents"] + verbs: ["get", "list", "watch"] +- apiGroups: ["maps.k8s.elastic.co"] + resources: ["elasticmapsservers"] + verbs: ["get", "list", "watch"] +--- +# Source: eck-operator/templates/cluster-roles.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "elastic-operator-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" + control-plane: elastic-operator + app.kubernetes.io/version: "1.6.0" +rules: +- apiGroups: ["elasticsearch.k8s.elastic.co"] + resources: ["elasticsearches"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +- apiGroups: ["apm.k8s.elastic.co"] + resources: ["apmservers"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +- apiGroups: ["kibana.k8s.elastic.co"] + resources: ["kibanas"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +- apiGroups: ["enterprisesearch.k8s.elastic.co"] + resources: ["enterprisesearches"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +- apiGroups: ["beat.k8s.elastic.co"] + resources: ["beats"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +- apiGroups: ["agent.k8s.elastic.co"] + resources: ["agents"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +- apiGroups: ["maps.k8s.elastic.co"] + resources: ["elasticmapsservers"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +--- +# Source: eck-operator/templates/role-bindings.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: elastic-operator + labels: + control-plane: elastic-operator + app.kubernetes.io/version: "1.6.0" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: elastic-operator +subjects: +- kind: ServiceAccount + name: elastic-operator + namespace: elastic-system +--- +# Source: eck-operator/templates/webhook.yaml +apiVersion: v1 +kind: Service +metadata: + name: elastic-webhook-server + namespace: elastic-system + labels: + control-plane: elastic-operator + app.kubernetes.io/version: "1.6.0" +spec: + ports: + - name: https + port: 443 + targetPort: 9443 + selector: + control-plane: elastic-operator +--- +# Source: eck-operator/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: elastic-operator + namespace: elastic-system + labels: + control-plane: elastic-operator + app.kubernetes.io/version: "1.6.0" +spec: + selector: + matchLabels: + control-plane: elastic-operator + serviceName: elastic-operator + replicas: 1 + template: + metadata: + annotations: + # Rename the fields "error" to "error.message" and "source" to "event.source" + # This is to avoid a conflict with the ECS "error" and "source" documents. + "co.elastic.logs/raw": "[{\"type\":\"container\",\"json.keys_under_root\":true,\"paths\":[\"/var/log/containers/*${data.kubernetes.container.id}.log\"],\"processors\":[{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"error\",\"to\":\"_error\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_error\",\"to\":\"error.message\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"source\",\"to\":\"_source\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_source\",\"to\":\"event.source\"}]}}]}]" + "checksum/config": 3c2010a9355a35f49003014b553c3315c92569d20875c18788dd85b73a97c6c7 + labels: + control-plane: elastic-operator + spec: + terminationGracePeriodSeconds: 10 + serviceAccountName: elastic-operator + securityContext: + runAsNonRoot: true + containers: + - image: "docker.elastic.co/eck/eck-operator:1.6.0" + imagePullPolicy: IfNotPresent + name: manager + args: + - "manager" + - "--config=/conf/eck.yaml" + - "--distribution-channel=all-in-one" + env: + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: WEBHOOK_SECRET + value: elastic-webhook-server-cert + resources: + limits: + cpu: 1 + memory: 512Mi + requests: + cpu: 100m + memory: 150Mi + ports: + - containerPort: 9443 + name: https-webhook + protocol: TCP + volumeMounts: + - mountPath: "/conf" + name: conf + readOnly: true + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + volumes: + - name: conf + configMap: + name: elastic-operator + - name: cert + secret: + defaultMode: 420 + secretName: elastic-webhook-server-cert +--- +# Source: eck-operator/templates/webhook.yaml +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: elastic-webhook.k8s.elastic.co + labels: + control-plane: elastic-operator + app.kubernetes.io/version: "1.6.0" +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: elastic-webhook-server + namespace: elastic-system + path: /validate-agent-k8s-elastic-co-v1alpha1-agent + failurePolicy: Ignore + name: elastic-agent-validation-v1alpha1.k8s.elastic.co + rules: + - apiGroups: + - agent.k8s.elastic.co + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - agents +- clientConfig: + caBundle: Cg== + service: + name: elastic-webhook-server + namespace: elastic-system + path: /validate-apm-k8s-elastic-co-v1-apmserver + failurePolicy: Ignore + name: elastic-apm-validation-v1.k8s.elastic.co + rules: + - apiGroups: + - apm.k8s.elastic.co + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - apmservers +- clientConfig: + caBundle: Cg== + service: + name: elastic-webhook-server + namespace: elastic-system + path: /validate-apm-k8s-elastic-co-v1beta1-apmserver + failurePolicy: Ignore + name: elastic-apm-validation-v1beta1.k8s.elastic.co + rules: + - apiGroups: + - apm.k8s.elastic.co + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - apmservers +- clientConfig: + caBundle: Cg== + service: + name: elastic-webhook-server + namespace: elastic-system + path: /validate-beat-k8s-elastic-co-v1beta1-beat + failurePolicy: Ignore + name: elastic-beat-validation-v1beta1.k8s.elastic.co + rules: + - apiGroups: + - beat.k8s.elastic.co + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - beats +- clientConfig: + caBundle: Cg== + service: + name: elastic-webhook-server + namespace: elastic-system + path: /validate-enterprisesearch-k8s-elastic-co-v1-enterprisesearch + failurePolicy: Ignore + name: elastic-ent-validation-v1.k8s.elastic.co + rules: + - apiGroups: + - enterprisesearch.k8s.elastic.co + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - enterprisesearches +- clientConfig: + caBundle: Cg== + service: + name: elastic-webhook-server + namespace: elastic-system + path: /validate-enterprisesearch-k8s-elastic-co-v1beta1-enterprisesearch + failurePolicy: Ignore + name: elastic-ent-validation-v1beta1.k8s.elastic.co + rules: + - apiGroups: + - enterprisesearch.k8s.elastic.co + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - enterprisesearches +- clientConfig: + caBundle: Cg== + service: + name: elastic-webhook-server + namespace: elastic-system + path: /validate-elasticsearch-k8s-elastic-co-v1-elasticsearch + failurePolicy: Ignore + name: elastic-es-validation-v1.k8s.elastic.co + rules: + - apiGroups: + - elasticsearch.k8s.elastic.co + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - elasticsearches +- clientConfig: + caBundle: Cg== + service: + name: elastic-webhook-server + namespace: elastic-system + path: /validate-elasticsearch-k8s-elastic-co-v1beta1-elasticsearch + failurePolicy: Ignore + name: elastic-es-validation-v1beta1.k8s.elastic.co + rules: + - apiGroups: + - elasticsearch.k8s.elastic.co + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - elasticsearches +- clientConfig: + caBundle: Cg== + service: + name: elastic-webhook-server + namespace: elastic-system + path: /validate-kibana-k8s-elastic-co-v1-kibana + failurePolicy: Ignore + name: elastic-kb-validation-v1.k8s.elastic.co + rules: + - apiGroups: + - kibana.k8s.elastic.co + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - kibanas +- clientConfig: + caBundle: Cg== + service: + name: elastic-webhook-server + namespace: elastic-system + path: /validate-kibana-k8s-elastic-co-v1beta1-kibana + failurePolicy: Ignore + name: elastic-kb-validation-v1beta1.k8s.elastic.co + rules: + - apiGroups: + - kibana.k8s.elastic.co + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - kibanas \ No newline at end of file diff --git a/charts/lsdobserve/templates/elastic.configmaps.yaml b/charts/lsdobserve/templates/elastic.configmaps.yaml index e678b73..3cf8353 100644 --- a/charts/lsdobserve/templates/elastic.configmaps.yaml +++ b/charts/lsdobserve/templates/elastic.configmaps.yaml @@ -17,8 +17,8 @@ data: {{ .Files.Get "elastic/lsdobserve-filebeat.ilm.policy.lsdo.json" | indent 4}} lsdobserve-filebeat.ilm.policy.project.json: |- {{ .Files.Get "elastic/lsdobserve-filebeat.ilm.policy.project.json" | indent 4}} - lsdobserve-filebeat.template.7.10.2.json: |- -{{ .Files.Get "elastic/lsdobserve-filebeat.template.7.10.2.json" | indent 4}} + lsdobserve-filebeat.template.7.16.3.json: |- +{{ .Files.Get "elastic/lsdobserve-filebeat.template.7.16.3.json" | indent 4}} lsdobserve-filebeat.template.k8s.json: |- {{ .Files.Get "elastic/lsdobserve-filebeat.template.k8s.json" | indent 4}} lsdobserve-filebeat.template.lsdo.json: |- diff --git a/charts/lsdobserve/templates/elastic.jobs.yaml b/charts/lsdobserve/templates/elastic.jobs.yaml index 0cf1a8a..36c87e8 100644 --- a/charts/lsdobserve/templates/elastic.jobs.yaml +++ b/charts/lsdobserve/templates/elastic.jobs.yaml @@ -74,7 +74,7 @@ spec: name: elastic-filebeat-custom-files - args: - -c - - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.template.7.10.2.json \"https://lsdobserve-es-http:9200/_template/filebeat-7.10.2\"" + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.template.7.16.3.json \"https://lsdobserve-es-http:9200/_template/filebeat-7.16.3\"" command: - /bin/sh env: @@ -138,7 +138,7 @@ spec: name: elastic-filebeat-custom-files - args: - -c - - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.bootstrap.k8s.json \"https://lsdobserve-es-http:9200/%3Cfilebeat-7.10.2-k8s-%7Bnow%2Fd%7D-000001%3E\"" + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.bootstrap.k8s.json \"https://lsdobserve-es-http:9200/%3Cfilebeat-7.16.3-k8s-%7Bnow%2Fd%7D-000001%3E\"" command: - /bin/sh env: @@ -154,7 +154,7 @@ spec: name: elastic-filebeat-custom-files - args: - -c - - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.bootstrap.lsdo.json \"https://lsdobserve-es-http:9200/%3Cfilebeat-7.10.2-lsdo-%7Bnow%2Fd%7D-000001%3E\"" + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.bootstrap.lsdo.json \"https://lsdobserve-es-http:9200/%3Cfilebeat-7.16.3-lsdo-%7Bnow%2Fd%7D-000001%3E\"" command: - /bin/sh env: @@ -170,7 +170,7 @@ spec: name: elastic-filebeat-custom-files - args: - -c - - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.bootstrap.project.json \"https://lsdobserve-es-http:9200/%3Cfilebeat-7.10.2-project-all-%7Bnow%2Fd%7D-000001%3E\"" + - "curl -sk -u elastic:$ELASTIC_PASSWORD -H 'Content-Type: application/json' -X PUT -d @/opt/elastic/lsdobserve-filebeat.bootstrap.project.json \"https://lsdobserve-es-http:9200/%3Cfilebeat-7.16.3-project-all-%7Bnow%2Fd%7D-000001%3E\"" command: - /bin/sh env: diff --git a/charts/lsdobserve/templates/elastic.kibana.yaml b/charts/lsdobserve/templates/elastic.kibana.yaml index 09a12db..3545ddf 100644 --- a/charts/lsdobserve/templates/elastic.kibana.yaml +++ b/charts/lsdobserve/templates/elastic.kibana.yaml @@ -34,7 +34,7 @@ spec: # Kibana Ingress {{- if or (eq .Values.lsdobserve.clusterType "gke") (eq .Values.lsdobserve.clusterType "rancher") -}} --- -apiVersion: networking.k8s.io/v1 +apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: @@ -50,10 +50,8 @@ spec: http: paths: - backend: - service: - name: lsdobserve-kb-http - port: - number: 5601 + serviceName: lsdobserve-kb-http + servicePort: 5601 path: / pathType: ImplementationSpecific --- diff --git a/charts/lsdobserve/templates/elastic.metricbeat-prometheus.yaml b/charts/lsdobserve/templates/elastic.metricbeat-prometheus.yaml index 64e0374..099ce43 100644 --- a/charts/lsdobserve/templates/elastic.metricbeat-prometheus.yaml +++ b/charts/lsdobserve/templates/elastic.metricbeat-prometheus.yaml @@ -54,11 +54,17 @@ data: processors: - add_cloud_metadata: + - add_kubernetes_metadata: + + monitoring: + enabled: true output.elasticsearch: - hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}'] + hosts: ['https://${ELASTICSEARCH_HOST:elasticsearch-es-http}:${ELASTICSEARCH_PORT:9200}'] username: ${ELASTICSEARCH_USERNAME} password: ${ELASTICSEARCH_PASSWORD} + ssl.enabled: "true" + ssl.verification_mode: "none" --- apiVersion: apps/v1 kind: Deployment @@ -88,13 +94,16 @@ spec: ] env: - name: ELASTICSEARCH_HOST - value: elasticsearch + value: {{ .Release.Name }}-es-http - name: ELASTICSEARCH_PORT value: "9200" - name: ELASTICSEARCH_USERNAME value: elastic - name: ELASTICSEARCH_PASSWORD - value: changeme + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-es-elastic-user + key: "elastic" - name: NODE_NAME valueFrom: fieldRef: @@ -152,8 +161,8 @@ metadata: name: metricbeat subjects: - kind: ServiceAccount - name: metricbeat - namespace: kube-system + name: {{ .Release.Name }}-metricbeat + namespace: {{ .Release.Name }} roleRef: kind: ClusterRole name: metricbeat diff --git a/charts/lsdobserve/templates/elastic.metricbeat.yaml b/charts/lsdobserve/templates/elastic.metricbeat.yaml index 0f9e871..4cbfd77 100644 --- a/charts/lsdobserve/templates/elastic.metricbeat.yaml +++ b/charts/lsdobserve/templates/elastic.metricbeat.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: metricbeat + name: {{ .Release.Name }}-metricbeat rules: - apiGroups: - "" @@ -49,14 +49,14 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: metricbeat + name: {{ .Release.Name }}-metricbeat subjects: - kind: ServiceAccount - name: metricbeat + name: {{ .Release.Name }}-metricbeat namespace: lsdobserve roleRef: kind: ClusterRole - name: metricbeat + name: {{ .Release.Name }}-metricbeat apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 @@ -141,7 +141,7 @@ spec: - -c - /etc/beat.yml - -system.hostfs=/hostfs - name: metricbeat + name: {{ .Release.Name }}-metricbeat volumeMounts: - mountPath: /hostfs/sys/fs/cgroup name: cgroup diff --git a/charts/lsdobserve/values-mark.yaml b/charts/lsdobserve/values-mark.yaml new file mode 100644 index 0000000..7344253 --- /dev/null +++ b/charts/lsdobserve/values-mark.yaml @@ -0,0 +1,521 @@ +# LSDobserve +lsdobserve: + # There are your options clusterType: openshift | gke | rancher + clusterType: "rancher" + #eckNamespace: &anchoreckNamespace "lsdobserve" + eckOperatorVersion: &anchoreckOperatorVersion "1.9.1" + eckVersion: &anchoreckVersion "7.16.3" + eckElasticsearchImage: &anchoreckElasticsearchImage "docker.elastic.co/elasticsearch/elasticsearch:7.16.3" + eckKibanaImage: &anchoreckKibanaImage "docker.elastic.co/kibana/kibana:7.16.3" + eckApmImage: &anchoreckApmImage "docker.elastic.co/apm/apm-server:7.16.3" + eckFilebeatImage: &anchoreckFilebeatImage "docker.elastic.co/beats/filebeat:7.16.3" + eckMetricbeatImage: &anchoreckMetricbeatImage "docker.elastic.co/beats/metricbeat:7.16.3" + elasticClusterSize: &anchorelasticClusterSize "1" + kibanaURL: &anchorkibanaURL "kibana.rancher.my.org" + logstashJavaOpts: &anchorlogstashJavaOpts "-Xms1g -Xmx1g" + grafanaUsername: &anchorgrafanaUsername "admin" + grafanaPassword: &anchorgrafanaPassword "ChangeMe-PasswordForGrafana" + grafanaVersion: &anchorgrafanaVersion "7.5.2" + grafanaURL: &anchorgrafanaURL "grafana.rancher.my.org" + prometheusRenention: &anchorprometheusRenention "30d" + prometheusURL: &anchorprometheusURL "prometheus.rancher.my.org" + prometheusHttpURL: &anchorprometheusHttpURL "https://prometheus.rancher.my.org" + prometheusStorageSize: &anchorprometheusStorageSize "25Gi" + alertmanagerURL: &anchoralertmanagerURL "alertmanager.rancher.my.org" + alertmanagerHttpURL: &anchoralertmanagerHttpURL "https://alertmanager.rancher.my.org" + smtpHost: &anchorsmtpHost "smtp.lsdopen.io" + smtpPort: &anchorsmtpPort "25" + smtpSmartHost: &anchorsmtpSmartHost "smtp.lsdopen.io:25" + supportAddress: &anchorsupportAddress "address-that-must-receive-alerts@lsdopen.io" + fromAddress: &anchorfromAddress "lsdobserve+noreply+k8s-01.qa.lsdopen.io@lsdopen.io" + fromName: &anchorfromName "LSDobserve - LSD - k8s-01.qa.lsdopen.io@lsdopen.io" + storageClass: &anchorstorageClass "longhorn" + curl: + image: docker.io/curlimages/curl:7.74.0 + grafana: + enabled: true + ingress: + url: *anchorgrafanaURL + elastic: + enabled: true + image: *anchoreckElasticsearchImage + version: *anchoreckVersion + count: *anchorelasticClusterSize + storage: "50Gi" + storageClassName: *anchorstorageClass + filebeat: + enabled: true + image: *anchoreckFilebeatImage + version: *anchoreckVersion + ## Metricbeat as a Daemonset to collect metrics from Nodes + metricbeat: + enabled: true + image: *anchoreckMetricbeatImage + version: *anchoreckVersion + ## Metricbeat to connect to Prometheus + metricbeatPrometheus: + enabled: true + image: *anchoreckMetricbeatImage + version: *anchoreckVersion + apm: + enabled: false + image: *anchoreckApmImage + version: *anchoreckVersion + kibana: + enabled: true + image: *anchoreckKibanaImage + version: *anchoreckVersion + count: "1" + ingress: + url: *anchorkibanaURL + +# Logstash +logstash: + image: "docker.elastic.co/logstash/logstash" + imageTag: *anchoreckVersion + replicas: "0" + logstashJavaOpts: *anchorlogstashJavaOpts + resources: + requests: + cpu: "100m" + memory: "1536Mi" + limits: + cpu: "1000m" + memory: "1536Mi" + volumeClaimTemplate: {} + service: + type: ClusterIP + loadBalancerIP: "" + ports: + - name: beats + port: 5044 + protocol: TCP + targetPort: 5044 + logstashPatternDir: "/usr/share/logstash/patterns/" + logstashConfig: + logstash.yml: | + http.host: "0.0.0.0" + monitoring.enabled: true + monitoring.elasticsearch.username: elastic + monitoring.elasticsearch.password: ${ELASTIC_PASSWORD} + monitoring.elasticsearch.hosts: [ "https://lsdobserve-es-http:9200" ] + monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/certs/tls.crt + pipeline.ordered: false + pipelines.yml: | + - pipeline.id: main + path.config: "/usr/share/logstash/pipeline" + - pipeline.id: lsdobserve + path.config: "/usr/share/logstash/pipeline/lsdobserve" + secretMounts: + - name: elastic-ca-certs + secretName: lsdobserve-es-http-ca-internal + path: /usr/share/logstash/certs + defaultMode: 420 + extraEnvs: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: lsdobserve-es-elastic-user + key: elastic + extraVolumes: | + - configMap: + defaultMode: 420 + name: logstash-pipeline + name: logstash-pipeline + - configMap: + defaultMode: 420 + name: logstash-pipeline-lsdobserve + name: logstash-pipeline-lsdobserve + - configMap: + defaultMode: 420 + name: logstash-patterns + name: logstash-patterns + extraVolumeMounts: | + - mountPath: /usr/share/logstash/pipeline + name: logstash-pipeline + - mountPath: /usr/share/logstash/pipeline/lsdobserve + name: logstash-pipeline-lsdobserve + - mountPath: /usr/share/logstash/patterns + name: logstash-patterns + +# Elastic Operator +# To get a latest values you can run: +# helm show values elastic/eck-operator +eck-operator: + image: + # repository is the container image prefixed by the registry name. + # skopeo copy --all docker://docker.elastic.co/eck/eck-operator:1.5.0 docker://my.local.registry:5000/eck/eck-operator:1.5.0 + repository: docker.elastic.co/eck/eck-operator + tag: *anchoreckOperatorVersion + replicaCount: 1 + # installCRDs must be disabled because CRDs are put into the Helm chart + installCRDs: false + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 20m + memory: 150Mi + +# Grafana +# To get a latest values you can run: +# helm show values grafana/grafana +grafana: + adminUser: *anchorgrafanaUsername + adminPassword: *anchorgrafanaPassword + image: + repository: grafana/grafana + tag: *anchorgrafanaVersion + # If you want to install on specific nodes, for example Infra nodes on Openshift + nodeSelector: + node-role.kubernetes.io/worker: "true" + replicas: 1 + deploymentStrategy: { "type": "Recreate" } + # ingress is disable because it is created via the lsd-observe template + ingress: + enabled: false + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 10m + memory: 128Mi + persistence: + enabled: "true" + type: pvc + size: 1Gi + storageClassName: *anchorstorageClass + datasources: + datasources.yaml: + apiVersion: 1 + datasources: + - name: LSDobserve - Prometheus + type: prometheus + url: http://lsdobserve-prometheus-server + isDefault: true + dashboardProviders: + dashboardproviders.yaml: + apiVersion: 1 + providers: + - name: "ds-01" + orgId: 1 + folder: "LSDcontainer" + type: file + disableDeletion: false + editable: false + options: + path: /var/lib/grafana/dashboards/ds-01 + dashboardsConfigMaps: + ds-01: "grafana-dashboard-kubernetes-overview" + ds-02: "grafana-dashboard-namespace-details" + ds-03: "grafana-dashboard-node-namespace-details" + ds-04: "grafana-dashboard-rook-ceph-overview" + ds-05: "node-exporter-for-prometheus-dashboard" + imageRenderer: + enabled: false + replicas: 1 + image: + repository: grafana/grafana-image-renderer + tag: latest + service: + portName: "http" + port: 8081 + podPortName: http + revisionHistoryLimit: 10 + networkPolicy: + limitIngress: true + limitEgress: false + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 50m + memory: 50Mi + +# Prometheus +# To get a latest values you can run: +# helm show values prometheus-community/prometheus +prometheus: + configmapReload: + prometheus: + enabled: true + name: configmap-reload + image: + repository: jimmidyson/configmap-reload + tag: v0.4.0 + alertmanager: + enabled: true + name: configmap-reload + image: + repository: jimmidyson/configmap-reload + tag: v0.4.0 + # https://kubernetes.github.io/kube-state-metrics + kubeStateMetrics: + enabled: true + image: + repository: quay.io/coreos/kube-state-metrics + tag: v1.9.7 + server: + image: + repository: quay.io/prometheus/prometheus + tag: v2.26.0 + replicaCount: 1 + baseURL: *anchorprometheusHttpURL + retention: *anchorprometheusRenention + statefulSet: + enabled: true + ingress: + enabled: true + hosts: + - *anchorprometheusURL + persistentVolume: + enabled: true + accessModes: + - ReadWriteOnce + size: *anchorprometheusStorageSize + resources: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 100m + memory: 512Mi + pushgateway: + enabled: false + nodeExporter: + image: + repository: quay.io/prometheus/node-exporter + tag: v1.0.1 + enabled: true + hostNetwork: true + hostPID: true + name: node-exporter + pod: + labels: + org: lsd + product: lsdobserve + name: node-exporter + resources: + limits: + cpu: 200m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + securityContext: {} + service: + annotations: + prometheus.io/scrape: "true" + labels: {} + clusterIP: None + externalIPs: [] + hostPort: 8100 + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 8100 + type: ClusterIP + tolerations: + - key: "node-role.kubernetes.io/controlplane" + operator: "Exists" + - key: "node-role.kubernetes.io/etcd" + operator: "Exists" + - key: "node-role.kubernetes.io/master" + operator: "Exists" + alertmanager: + enabled: true + replicaCount: 3 + prefixURL: "" + baseURL: *anchoralertmanagerHttpURL + service: + enableMeshPeer: true + statefulSet: + enabled: true + annotations: {} + labels: {} + podManagementPolicy: OrderedReady + headless: + annotations: {} + labels: {} + enableMeshPeer: true + image: + repository: prom/alertmanager + tag: v0.21.0 + ingress: + enabled: true + hosts: + - *anchoralertmanagerURL + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 10m + memory: 32Mi + persistentVolume: + enabled: true + accessModes: + - ReadWriteOnce + size: 1Gi + alertmanagerFiles: + alertmanager.yml: + global: + resolve_timeout: 5m + receivers: + - name: LSD Support + email_configs: + - to: *anchorsupportAddress + from: *anchorfromAddress + smarthost: *anchorsmtpSmartHost + require_tls: false + auth_username: "" + auth_password: "" + route: + group_by: + - job + group_interval: 5m + group_wait: 30s + receiver: "LSD Support" + repeat_interval: 12h + routes: + - receiver: LSD Support + match: + severity: warning + - receiver: LSD Support + match: + severity: critical + serverFiles: + alerting_rules.yml: + groups: + - name: Instances + rules: + - alert: InstanceDown + expr: up == 0 + for: 5m + labels: + severity: warning + annotations: + description: "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes." + message: "When Instance/Endpoints are marked as down it means Prometheus cannot scrape those targets. You can get more details by gong to the Prometheus frontend, going to Status and Targets. You always want all you Instance/Endpoints up else you will not be able to monitor anything" + - name: NodesMarkedAsUnscheduled + rules: + - alert: NodesMarkedAsUnscheduled + expr: kube_node_spec_unschedulable > 0 + for: 1h + labels: + severity: warning + annotations: + description: "{{ $labels.kubernetes_node }} is marked as Unscheduled for longer than 1h minutes." + message: "When Nodes are marked Unscheduled no new pods will be scheduled " + - name: NodeMemoryUsageAbove85Percent + rules: + - alert: NodeMemoryUsageAbove85Percent + expr: 100 * (1 - ((avg_over_time(node_memory_MemFree_bytes[2m]) + avg_over_time(node_memory_Cached_bytes[2m]) + avg_over_time(node_memory_Buffers_bytes[2m]) + avg_over_time(node_memory_SReclaimable_bytes[2m])) / avg_over_time(node_memory_MemTotal_bytes[2m]))) > 85 < 90 + for: 1h + labels: + severity: warning + annotations: + description: '{{ $labels.kubernetes_node }} is using {{ printf "%.0f" $value }}% of the total memory' + message: "When the memory of a node is exhausted pods will be evicted and sacrificed to keep the node ready. It is recommended that you cordon node {{ $labels.kubernetes_node }} and delete a couple of pods on the node, forcing them to start up on another node, then uncordone {{ $labels.kubernetes_node }}. You can find more info here: https://kubernetes.io/docs/tasks/administer-cluster/out-of-resource/" + - name: NodeMemoryUsageAbove95Percent + rules: + - alert: NodeMemoryUsageAbove95Percent + expr: 100 * (1 - ((avg_over_time(node_memory_MemFree_bytes[2m]) + avg_over_time(node_memory_Cached_bytes[2m]) + avg_over_time(node_memory_Buffers_bytes[2m]) + avg_over_time(node_memory_SReclaimable_bytes[2m])) / avg_over_time(node_memory_MemTotal_bytes[2m]))) > 95 + for: 1h + labels: + severity: critical + annotations: + description: '{{ $labels.kubernetes_node }} is using {{ printf "%.0f" $value }}% of the total memory' + message: "When the memory of a node is exhausted pods will be evicted and sacrificed to keep the node ready. It is recommended that you cordon node {{ $labels.kubernetes_node }} and delete a couple of pods on the node, forcing them to start up on another node, then uncordone {{ $labels.kubernetes_node }}. You can find more info here: https://kubernetes.io/docs/tasks/administer-cluster/out-of-resource/" + - name: PVCUsageOver85Percent + rules: + - alert: PVCUsageOver85Percent + expr: (kubelet_volume_stats_used_bytes / kubelet_volume_stats_capacity_bytes) * 100 > 85 + for: 1h + labels: + severity: warning + annotations: + description: 'PVC {{ $labels.persistentvolumeclaim }} in namespace {{ $labels.namespace }} is using {{ printf "%.0f" $value }}% of the capacity' + message: 'You will need to go into the Pod that is using that PVC and clean up some storage. For example "kubectl -n {{ $labels.namespace }} exec -it PODNAME -- sh"' + - name: PVCUsageOver95Percent + rules: + - alert: PVCUsageOver95Percent + expr: (kubelet_volume_stats_used_bytes / kubelet_volume_stats_capacity_bytes) * 100 > 95 + for: 1h + labels: + severity: critical + annotations: + description: 'PVC {{ $labels.persistentvolumeclaim }} in namespace {{ $labels.namespace }} is using {{ printf "%.0f" $value }}% of the capacity' + message: 'You will need to go into the Pod that is using that PVC and clean up some storage. For example "kubectl -n {{ $labels.namespace }} exec -it PODNAME -- sh"' + - name: NodeFileSystemUsageOver85Percent + rules: + - alert: NodeFileSystemUsageOver85Percent + expr: 100 - ((node_filesystem_avail_bytes {mountpoint!~".*/host/.*",mountpoint!~".*/etc/.*",mountpoint!~".*/run/secrets.*",mountpoint!~".*/var/run/.*"} * 100) / node_filesystem_size_bytes {mountpoint!~".*/host/.*",mountpoint!~".*/etc/.*",mountpoint!~".*/run/secrets.*",mountpoint!~".*/var/run/.*"}) > 85 + for: 1h + labels: + severity: warning + annotations: + description: 'Mount point {{ $labels.mountpoint }} on Node {{ $labels.kubernetes_node }} is at {{ printf "%.0f" $value }}% of total capacity' + message: "You will need to SSH into Node {{ $labels.kubernetes_node }} and clean up storage on {{ $labels.mountpoint }}" + - name: NodeFileSystemUsageOver95Percent + rules: + - alert: NodeFileSystemUsageOver95Percent + expr: 100 - ((node_filesystem_avail_bytes {mountpoint!~".*/host/.*",mountpoint!~".*/etc/.*",mountpoint!~".*/run/secrets.*",mountpoint!~".*/var/run/.*"} * 100) / node_filesystem_size_bytes {mountpoint!~".*/host/.*",mountpoint!~".*/etc/.*",mountpoint!~".*/run/secrets.*",mountpoint!~".*/var/run/.*"}) > 95 + for: 1h + labels: + severity: critical + annotations: + description: 'Mount point {{ $labels.mountpoint }} on Node {{ $labels.kubernetes_node }} is at {{ printf "%.0f" $value }}% of total capacity' + message: "You will need to SSH into Node {{ $labels.kubernetes_node }} and clean up storage on {{ $labels.mountpoint }}" + - name: TotalAvailableCPURequestsOver90Percent + rules: + - alert: TotalAvailableCPURequestsOver90Percent + expr: (sum ((sum(kube_pod_container_resource_requests_cpu_cores{container!="deployment",container!="docker-build",namespace!="logging",namespace!="default",namespace!~".*openshift-.*",namespace!~".*openmonitoring.*",namespace!~".*kube-.*"} > 0) by (container,pod) / count(kube_pod_container_status_running > 0) by (container,pod))*1000)) / (sum (kube_node_status_allocatable_cpu_cores)*1000) * 100 > 90 + for: 1h + labels: + severity: critical + annotations: + description: 'The total allowed CPU requests are at {{ printf "%.0f" $value }}%' + message: "When the total allowed CPU requests hits 100% no more pods will be allowed to start up. You either need to lower the CPU requests of pods or add more CPU into the cluster" + - name: NodeCpuUtilizationOver95Percent + rules: + - alert: NodeCpuUtilizationOver95Percent + expr: 100 - (avg by (kubernetes_node) (rate( node_cpu_seconds_total {mode="idle"}[2m])) * 100) > 95 + for: 1h + labels: + severity: warning + annotations: + description: 'Node {{ $labels.kubernetes_node }} has a CPU utlization over 95% for over 1 hour. Current CPU utilization of Node {{ $labels.kubernetes_node }} is {{ printf "%.0f" $value }}%' + message: "When the CPU is maxed out for over an hour it indicates an that a process is killing the node or the node does not have enough CPU assigned to it" + - name: NodeLoadOver50 + rules: + - alert: NodeLoadOver50 + expr: node_load15 > 50 + for: 1h + labels: + severity: critical + annotations: + description: 'Node {{ $labels.kubernetes_node }} has a 15 minute load average of {{ printf "%.0f" $value }}%' + message: "When the load is over 50 this indicates an issue of high CPU, low memory (going into swap) and high disk utlization" + - name: RookCephClusterOver90Percent + rules: + - alert: RookCephClusterOver90Percent + expr: 100 - (sum without(instance) ((ceph_cluster_total_bytes - ceph_cluster_total_used_bytes) / ceph_cluster_total_bytes) * 100) > 90 + for: 5m + labels: + severity: critical + annotations: + description: 'Namespace {{ $labels.kubernetes_namespace }} contains a Ceph cluster with a current usage of {{ printf "%.0f" $value }}%' + message: "Ceph clusters over 95% can begin to fail and need to be expanded or pruned" + - name: PodNotReady + rules: + - alert: PodNotReady + expr: sum by(namespace, pod, container) (kube_pod_container_status_waiting_reason{namespace=~"(openshift-.*|kube-.*|default|logging)"}) > 0 + for: 30m + labels: + severity: warning + annotations: + description: "Pod {{ $labels.namespace }}/{{ $labels.pod }} has been in a non-ready state for longer than 30 minutes" + message: "Pod {{ $labels.namespace }}/{{ $labels.pod }} has been in a non-ready state for longer than 30 minutes" From ffb539dc199a0a65874144164c52dbd91dfe94e3 Mon Sep 17 00:00:00 2001 From: Mark Billett Date: Wed, 9 Feb 2022 15:42:42 +0200 Subject: [PATCH 10/11] LSDo: changes to metricbeat config for scraping prometheus --- {ahoy => charts/ahoy}/Chart.yaml | 0 .../ahoy}/templates/cluster-role-binding.yaml | 0 .../ahoy}/templates/deployment.yaml | 0 {ahoy => charts/ahoy}/templates/ingress.yaml | 0 .../templates/keycloak-realm-configmap.yaml | 0 .../templates/properties-prod-configmap.yaml | 0 {ahoy => charts/ahoy}/templates/route.yaml | 0 .../ahoy}/templates/service-account.yaml | 0 {ahoy => charts/ahoy}/templates/service.yaml | 0 {ahoy => charts/ahoy}/values-gke.yaml | 0 {ahoy => charts/ahoy}/values-k8s.yaml | 0 {ahoy => charts/ahoy}/values-ocp.yaml | 0 {ahoy => charts/ahoy}/values.yaml | 0 .../elastic.metricbeat-prometheus.yaml | 94 +++++++++++-------- .../templates/elastic.metricbeat.yaml | 2 +- 15 files changed, 55 insertions(+), 41 deletions(-) rename {ahoy => charts/ahoy}/Chart.yaml (100%) rename {ahoy => charts/ahoy}/templates/cluster-role-binding.yaml (100%) rename {ahoy => charts/ahoy}/templates/deployment.yaml (100%) rename {ahoy => charts/ahoy}/templates/ingress.yaml (100%) rename {ahoy => charts/ahoy}/templates/keycloak-realm-configmap.yaml (100%) rename {ahoy => charts/ahoy}/templates/properties-prod-configmap.yaml (100%) rename {ahoy => charts/ahoy}/templates/route.yaml (100%) rename {ahoy => charts/ahoy}/templates/service-account.yaml (100%) rename {ahoy => charts/ahoy}/templates/service.yaml (100%) rename {ahoy => charts/ahoy}/values-gke.yaml (100%) rename {ahoy => charts/ahoy}/values-k8s.yaml (100%) rename {ahoy => charts/ahoy}/values-ocp.yaml (100%) rename {ahoy => charts/ahoy}/values.yaml (100%) diff --git a/ahoy/Chart.yaml b/charts/ahoy/Chart.yaml similarity index 100% rename from ahoy/Chart.yaml rename to charts/ahoy/Chart.yaml diff --git a/ahoy/templates/cluster-role-binding.yaml b/charts/ahoy/templates/cluster-role-binding.yaml similarity index 100% rename from ahoy/templates/cluster-role-binding.yaml rename to charts/ahoy/templates/cluster-role-binding.yaml diff --git a/ahoy/templates/deployment.yaml b/charts/ahoy/templates/deployment.yaml similarity index 100% rename from ahoy/templates/deployment.yaml rename to charts/ahoy/templates/deployment.yaml diff --git a/ahoy/templates/ingress.yaml b/charts/ahoy/templates/ingress.yaml similarity index 100% rename from ahoy/templates/ingress.yaml rename to charts/ahoy/templates/ingress.yaml diff --git a/ahoy/templates/keycloak-realm-configmap.yaml b/charts/ahoy/templates/keycloak-realm-configmap.yaml similarity index 100% rename from ahoy/templates/keycloak-realm-configmap.yaml rename to charts/ahoy/templates/keycloak-realm-configmap.yaml diff --git a/ahoy/templates/properties-prod-configmap.yaml b/charts/ahoy/templates/properties-prod-configmap.yaml similarity index 100% rename from ahoy/templates/properties-prod-configmap.yaml rename to charts/ahoy/templates/properties-prod-configmap.yaml diff --git a/ahoy/templates/route.yaml b/charts/ahoy/templates/route.yaml similarity index 100% rename from ahoy/templates/route.yaml rename to charts/ahoy/templates/route.yaml diff --git a/ahoy/templates/service-account.yaml b/charts/ahoy/templates/service-account.yaml similarity index 100% rename from ahoy/templates/service-account.yaml rename to charts/ahoy/templates/service-account.yaml diff --git a/ahoy/templates/service.yaml b/charts/ahoy/templates/service.yaml similarity index 100% rename from ahoy/templates/service.yaml rename to charts/ahoy/templates/service.yaml diff --git a/ahoy/values-gke.yaml b/charts/ahoy/values-gke.yaml similarity index 100% rename from ahoy/values-gke.yaml rename to charts/ahoy/values-gke.yaml diff --git a/ahoy/values-k8s.yaml b/charts/ahoy/values-k8s.yaml similarity index 100% rename from ahoy/values-k8s.yaml rename to charts/ahoy/values-k8s.yaml diff --git a/ahoy/values-ocp.yaml b/charts/ahoy/values-ocp.yaml similarity index 100% rename from ahoy/values-ocp.yaml rename to charts/ahoy/values-ocp.yaml diff --git a/ahoy/values.yaml b/charts/ahoy/values.yaml similarity index 100% rename from ahoy/values.yaml rename to charts/ahoy/values.yaml diff --git a/charts/lsdobserve/templates/elastic.metricbeat-prometheus.yaml b/charts/lsdobserve/templates/elastic.metricbeat-prometheus.yaml index 099ce43..8add036 100644 --- a/charts/lsdobserve/templates/elastic.metricbeat-prometheus.yaml +++ b/charts/lsdobserve/templates/elastic.metricbeat-prometheus.yaml @@ -10,47 +10,60 @@ metadata: name: {{ .Release.Name }}-metricbeat-prometheus data: metricbeat.yml: |- - metricbeat.config.modules: - # Mounted `metricbeat-daemonset-modules` configmap: - path: ${path.config}/modules.d/*.yml - # Reload module configs as they change: - reload.enabled: false + metricbeat.modules: + # Metrics collected from a Prometheus endpoint + - module: prometheus + period: 30s + metricsets: ["collector"] + hosts: ["${LSDOBSERVE_PROMETHEUS_SERVER_PORT_80_TCP_ADDR}:${LSDOBSERVE_PROMETHEUS_SERVER_PORT_80_TCP_PORT}"] + metrics_path: /metrics + #metrics_filters: + # include: [] + # exclude: [] + #username: "user" + #password: "secret" - metricbeat.autodiscover: - providers: - - type: kubernetes - scope: cluster - node: ${NODE_NAME} - unique: true - templates: - - config: - - module: kubernetes - hosts: ["{{ .Release.Name }}-kube-state-metrics:8080"] - period: 10s - add_metadata: true - metricsets: - - state_node - - state_deployment - - state_daemonset - - state_replicaset - - state_pod - - state_container - - state_cronjob - - state_resourcequota - - state_statefulset - - module: kubernetes - metricsets: - - apiserver - - event - hosts: ["https://kubernetes.default.svc.cluster.local"] - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - ssl.certificate_authorities: - - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - period: 30s - # To enable hints based autodiscover uncomment this: - - type: kubernetes - node: ${NODE_NAME} - hints.enabled: true + # This can be used for service account based authorization: + #bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + #ssl.certificate_authorities: + # - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + + + # Metrics sent by a Prometheus server using remote_write option + #- module: prometheus + # metricsets: ["remote_write"] + # host: "localhost" + # port: "9201" + + # Secure settings for the server using TLS/SSL: + #ssl.certificate: "/etc/pki/server/cert.pem" + #ssl.key: "/etc/pki/server/cert.key" + + # Metrics that will be collected using a PromQL + #- module: prometheus + # metricsets: ["query"] + # hosts: ["localhost:9090"] + # period: 10s + # queries: + # - name: "instant_vector" + # path: "/api/v1/query" + # params: + # query: "sum(rate(prometheus_http_requests_total[1m]))" + # - name: "range_vector" + # path: "/api/v1/query_range" + # params: + # query: "up" + # start: "2019-12-20T00:00:00.000Z" + # end: "2019-12-21T00:00:00.000Z" + # step: 1h + # - name: "scalar" + # path: "/api/v1/query" + # params: + # query: "100" + # - name: "string" + # path: "/api/v1/query" + # params: + # query: "some_value" processors: - add_cloud_metadata: @@ -65,6 +78,7 @@ data: password: ${ELASTICSEARCH_PASSWORD} ssl.enabled: "true" ssl.verification_mode: "none" + --- apiVersion: apps/v1 kind: Deployment diff --git a/charts/lsdobserve/templates/elastic.metricbeat.yaml b/charts/lsdobserve/templates/elastic.metricbeat.yaml index 4cbfd77..b5873a2 100644 --- a/charts/lsdobserve/templates/elastic.metricbeat.yaml +++ b/charts/lsdobserve/templates/elastic.metricbeat.yaml @@ -87,7 +87,7 @@ spec: type: kubernetes modules: - module: system - period: 10s + period: 20s metricsets: - cpu - load From f517dd64e8af81c96ea44f3df3d6710ce07553c7 Mon Sep 17 00:00:00 2001 From: Zak McGregor Date: Thu, 19 May 2022 09:14:17 +0200 Subject: [PATCH 11/11] Elastic CRD up to date --- charts/lsdobserve/crds/elastic-crds.yaml | 8538 +++++++++++----------- 1 file changed, 4153 insertions(+), 4385 deletions(-) diff --git a/charts/lsdobserve/crds/elastic-crds.yaml b/charts/lsdobserve/crds/elastic-crds.yaml index 2e4c359..973cb07 100644 --- a/charts/lsdobserve/crds/elastic-crds.yaml +++ b/charts/lsdobserve/crds/elastic-crds.yaml @@ -1,91 +1,16 @@ -# Source: eck-operator/templates/operator-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: elastic-system - labels: - name: elastic-system ---- -# Source: eck-operator/templates/service-account.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: elastic-operator - namespace: elastic-system - labels: - control-plane: elastic-operator - app.kubernetes.io/version: "1.6.0" ---- -# Source: eck-operator/templates/webhook.yaml -apiVersion: v1 -kind: Secret -metadata: - name: elastic-webhook-server-cert - namespace: elastic-system - labels: - control-plane: elastic-operator - app.kubernetes.io/version: "1.6.0" ---- -# Source: eck-operator/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: elastic-operator - namespace: elastic-system - labels: - control-plane: elastic-operator - app.kubernetes.io/version: "1.6.0" -data: - eck.yaml: |- - log-verbosity: 0 - metrics-port: 0 - container-registry: docker.elastic.co - max-concurrent-reconciles: 3 - ca-cert-validity: 8760h - ca-cert-rotate-before: 24h - cert-validity: 8760h - cert-rotate-before: 24h - set-default-security-context: true - kube-client-timeout: 60s - elasticsearch-client-timeout: 180s - disable-telemetry: false - validate-storage-class: true - enable-webhook: true - webhook-name: elastic-webhook.k8s.elastic.co - namespaces: lsdobserve ---- -# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +# Source: eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'elastic-operator' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' + app.kubernetes.io/version: '2.0.0' name: agents.agent.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: available - type: integer - - JSONPath: .status.expectedNodes - description: Expected nodes - name: expected - type: integer - - JSONPath: .status.version - description: Agent version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: agent.k8s.elastic.co names: categories: @@ -97,248 +22,425 @@ spec: - agent singular: agent scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Agent is the Schema for the Agents API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AgentSpec defines the desired state of the Agent - properties: - config: - description: Config holds the Agent configuration. At most one of [`Config`, - `ConfigRef`] can be specified. - type: object - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Agent configuration. Agent settings must be specified - as yaml, under a single "agent.yml" entry. At most one of [`Config`, - `ConfigRef`] can be specified. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - daemonSet: - description: DaemonSet specifies the Agent should be deployed as a DaemonSet, - and allows providing its spec. Cannot be used along with `deployment`. - properties: - updateStrategy: - description: DaemonSetUpdateStrategy is a struct used to control - the update strategy for a DaemonSet. + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: available + type: integer + - description: Expected nodes + jsonPath: .status.expectedNodes + name: expected + type: integer + - description: Agent version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Agent is the Schema for the Agents API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AgentSpec defines the desired state of the Agent + properties: + config: + description: Config holds the Agent configuration. At most one of [`Config`, `ConfigRef`] can be specified. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes Secret holding the Agent configuration. Agent settings must be specified as yaml, under a single "agent.yml" entry. At most one of [`Config`, `ConfigRef`] can be specified. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + daemonSet: + description: DaemonSet specifies the Agent should be deployed as a DaemonSet, and allows providing its spec. Cannot be used along with `deployment`. + properties: + podTemplate: + description: PodTemplateSpec describes the data a pod should have when created from a template + type: object + x-kubernetes-preserve-unknown-fields: true + updateStrategy: + description: DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if type = "RollingUpdate". --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be. Same as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. This is beta field and enabled/disabled by DaemonSetUpdateSurge feature gate.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. + type: string + type: object + type: object + deployment: + description: Deployment specifies the Agent should be deployed as a Deployment, and allows providing its spec. Cannot be used along with `daemonSet`. + properties: + podTemplate: + description: PodTemplateSpec describes the data a pod should have when created from a template + type: object + x-kubernetes-preserve-unknown-fields: true + replicas: + format: int32 + type: integer + strategy: + description: DeploymentStrategy describes how to replace existing pods with new ones. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be.' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. + type: string + type: object + type: object + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single ES cluster is currently supported. + items: properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - type = "RollingUpdate". --- TODO: Update this to follow our - convention for oneOf, whatever we decide it to be. Same as - Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of DaemonSet pods that - can be unavailable during the update. Value can be an - absolute number (ex: 5) or a percentage of total number - of DaemonSet pods at the start of the update (ex: 10%). - Absolute number is calculated from percentage by rounding - up. This cannot be 0. Default value is 1. Example: when - this is set to 30%, at most 30% of the total number of - nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given - time. The update starts by stopping at most 30% of those - DaemonSet pods and then brings up new DaemonSet pods in - their place. Once the new pods are available, it then - proceeds onto other DaemonSet pods, thus ensuring that - at least 70% of original number of DaemonSet pods are - available at all times during the update.' - type: object - type: - description: Type of daemon set update. Can be "RollingUpdate" - or "OnDelete". Default is RollingUpdate. + name: + description: Name of the Kubernetes object. type: string - type: object - type: object - deployment: - description: Deployment specifies the Agent should be deployed as a - Deployment, and allows providing its spec. Cannot be used along with - `daemonSet`. - properties: - replicas: - format: int32 - type: integer - strategy: - description: DeploymentStrategy describes how to replace existing - pods with new ones. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - DeploymentStrategyType = RollingUpdate. --- TODO: Update this - to follow our convention for oneOf, whatever we decide it - to be.' - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be scheduled - above the desired number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. Absolute number - is calculated from percentage by rounding up. Defaults - to 25%. Example: when this is set to 30%, the new ReplicaSet - can be scaled up immediately when the rolling update starts, - such that the total number of old and new pods do not - exceed 130% of desired pods. Once old pods have been killed, - new ReplicaSet can be scaled up further, ensuring that - total number of pods running at any time during the update - is at most 130% of desired pods.' - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be unavailable - during the update. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). Absolute - number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: - when this is set to 30%, the old ReplicaSet can be scaled - down to 70% of desired pods immediately when the rolling - update starts. Once new pods are ready, old ReplicaSet - can be scaled down further, followed by scaling up the - new ReplicaSet, ensuring that the total number of pods - available at all times during the update is at least 70% - of desired pods.' - type: object - type: - description: Type of deployment. Can be "Recreate" or "RollingUpdate". - Default is RollingUpdate. + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + outputName: + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. type: string + required: + - name type: object - type: object - elasticsearchRefs: - description: ElasticsearchRefs is a reference to a list of Elasticsearch - clusters running in the same Kubernetes cluster. Due to existing limitations, - only a single ES cluster is currently supported. - items: + type: array + fleetServerEnabled: + description: FleetServerEnabled determines whether this Agent will launch Fleet Server. Don't set unless `mode` is set to `fleet`. + type: boolean + fleetServerRef: + description: FleetServerRef is a reference to Fleet Server that this Agent should connect to to obtain it's configuration. Don't set unless `mode` is set to `fleet`. properties: name: description: Name of the Kubernetes object. type: string namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - outputName: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string serviceName: - description: ServiceName is the name of an existing Kubernetes - service which will be used to make requests to the referenced - object. It has to be in the same namespace as the referenced - resource. If left empty the default HTTP service of the referenced - resource will be used. + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. type: string required: - name type: object - type: array - image: - description: Image is the Agent Docker image to deploy. Version has - to match the Agent in the image. - type: string - secureSettings: - description: SecureSettings is a list of references to Kubernetes Secrets - containing sensitive configuration options for the Agent. Secrets - data can be then referenced in the Agent config using the Secret's - keys or as specified in `Entries` field of each SecureSetting. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + http: + description: HTTP holds the HTTP layer configuration for the Agent in Fleet mode with Fleet Server enabled. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. + service: + description: Service defines the template for the associated Kubernetes Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's port. + properties: + appProtocol: + description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Agent Docker image to deploy. Version has to match the Agent in the image. + type: string + kibanaRef: + description: KibanaRef is a reference to Kibana where Fleet should be set up and this Agent should be enrolled. Don't set unless `mode` is set to `fleet`. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. type: string required: - - secretName + - name + type: object + mode: + description: Mode specifies the source of configuration for the Agent. The configuration can be specified locally through `config` or `configRef` (`standalone` mode), or come from Fleet during runtime (`fleet` mode). Defaults to `standalone` mode. + enum: + - standalone + - fleet + type: string + secureSettings: + description: SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Agent. Secrets data can be then referenced in the Agent config using the Secret's keys or as specified in `Entries` field of each SecureSetting. + items: + description: SecretSource defines a data source based on a Kubernetes Secret. + properties: + entries: + description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current resource to an Elasticsearch resource in a different namespace. Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of the Agent. + type: string + required: + - version + type: object + status: + description: AgentStatus defines the observed state of the Agent + properties: + availableNodes: + format: int32 + type: integer + elasticsearchAssociationsStatus: + additionalProperties: + description: AssociationStatus is the status of an association resource. + type: string + description: AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that have a single Association of a given type (for ex. single ES reference), this map contains a single entry. type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to an Elasticsearch resource in a different namespace. Can - only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of the Agent. - type: string - required: - - version - type: object - status: - description: AgentStatus defines the observed state of the Agent - properties: - availableNodes: - format: int32 - type: integer - elasticsearchAssociationsStatus: - additionalProperties: + expectedNodes: + format: int32 + type: integer + fleetServerAssociationStatus: description: AssociationStatus is the status of an association resource. type: string - description: AssociationStatusMap is the map of association's namespaced - name string to its AssociationStatus. For resources that have a single - Association of a given type (eg. single ES reference), this map will - contain a single entry. - type: object - expectedNodes: - format: int32 - type: integer - health: - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1alpha1 - versions: - - name: v1alpha1 + health: + type: string + kibanaAssociationStatus: + description: AssociationStatus is the status of an association resource. + type: string + version: + description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -346,34 +448,19 @@ status: conditions: [] storedVersions: [] --- -# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +# Source: eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'elastic-operator' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' + app.kubernetes.io/version: '2.0.0' name: apmservers.apm.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: APM version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: apm.k8s.elastic.co names: categories: @@ -385,546 +472,635 @@ spec: - apm singular: apmserver scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: ApmServer represents an APM Server resource in a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ApmServerSpec holds the specification of an APM Server. - properties: - config: - description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' - type: object - count: - description: Count of APM Server instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to the output Elasticsearch - cluster running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for the APM Server - resource. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: APM version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + schema: + openAPIV3Schema: + description: ApmServer represents an APM Server resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApmServerSpec holds the specification of an APM Server. + properties: + config: + description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of APM Server instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the output Elasticsearch cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for the APM Server resource. + properties: + service: + description: Service defines the template for the associated Kubernetes Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's port. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). + appProtocol: + description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. format: int32 type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations of session affinity. properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string + clientIP: + description: clientIP contains the configurations of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object type: object - type: array - type: object - type: object - type: object - image: - description: Image is the APM Server Docker image to deploy. - type: string - kibanaRef: - description: KibanaRef is a reference to a Kibana instance running in - the same Kubernetes cluster. It allows APM agent central configuration - management in Kibana. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the APM Server pods. - type: object - secureSettings: - description: SecureSettings is a list of references to Kubernetes secrets - containing sensitive configuration options for APM Server. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + type: + description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the APM Server Docker image to deploy. + type: string + kibanaRef: + description: KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster. It allows APM agent central configuration management in Kibana. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. type: string required: - - secretName + - name type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of the APM Server. - type: string - required: - - version - type: object - status: - description: ApmServerStatus defines the observed state of ApmServer - properties: - availableNodes: - description: AvailableNodes is the number of available replicas in the - deployment. - format: int32 - type: integer - elasticsearchAssociationStatus: - description: ElasticsearchAssociationStatus is the status of any auto-linking - to Elasticsearch clusters. - type: string - health: - description: Health of the deployment. - type: string - kibanaAssociationStatus: - description: KibanaAssociationStatus is the status of any auto-linking - to Kibana. - type: string - secretTokenSecret: - description: SecretTokenSecretName is the name of the Secret that contains - the secret token - type: string - service: - description: ExternalService is the name of the service the agents should - connect to. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1 - versions: - - name: v1 + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the APM Server pods. + type: object + x-kubernetes-preserve-unknown-fields: true + secureSettings: + description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for APM Server. + items: + description: SecretSource defines a data source based on a Kubernetes Secret. + properties: + entries: + description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current resource to a resource (eg. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of the APM Server. + type: string + required: + - version + type: object + status: + description: ApmServerStatus defines the observed state of ApmServer + properties: + availableNodes: + description: AvailableNodes is the number of available replicas in the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is the actual number of observed instances of the scaled object. + format: int32 + type: integer + elasticsearchAssociationStatus: + description: ElasticsearchAssociationStatus is the status of any auto-linking to Elasticsearch clusters. + type: string + health: + description: Health of the deployment. + type: string + kibanaAssociationStatus: + description: KibanaAssociationStatus is the status of any auto-linking to Kibana. + type: string + secretTokenSecret: + description: SecretTokenSecretName is the name of the Secret that contains the secret token + type: string + selector: + description: Selector is the label selector used to find all pods. + type: string + service: + description: ExternalService is the name of the service the agents should connect to. + type: string + version: + description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true - - name: v1beta1 - served: true - storage: false - - name: v1alpha1 + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.count + status: {} + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: APM version + jsonPath: .spec.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ApmServer represents an APM Server resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApmServerSpec holds the specification of an APM Server. + properties: + config: + description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html' + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of APM Server instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the output Elasticsearch cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for the APM Server resource. + properties: + service: + description: Service defines the template for the associated Kubernetes Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's port. + properties: + appProtocol: + description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the APM Server Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the APM Server pods. + type: object + x-kubernetes-preserve-unknown-fields: true + secureSettings: + description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for APM Server. + items: + description: SecretSource defines a data source based on a Kubernetes Secret. + properties: + entries: + description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + version: + description: Version of the APM Server. + type: string + type: object + status: + description: ApmServerStatus defines the observed state of ApmServer + properties: + associationStatus: + description: Association is the status of any auto-linking to Elasticsearch clusters. + type: string + availableNodes: + format: int32 + type: integer + health: + description: ApmServerHealth expresses the status of the Apm Server instances. + type: string + secretTokenSecret: + description: SecretTokenSecretName is the name of the Secret that contains the secret token + type: string + service: + description: ExternalService is the name of the service the agents should connect to. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: to not break compatibility when upgrading from previous versions of the CRD + type: object served: false storage: false status: @@ -934,42 +1110,19 @@ status: conditions: [] storedVersions: [] --- -# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +# Source: eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'elastic-operator' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' + app.kubernetes.io/version: '2.0.0' name: beats.beat.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: available - type: integer - - JSONPath: .status.expectedNodes - description: Expected nodes - name: expected - type: integer - - JSONPath: .spec.type - description: Beat type - name: type - type: string - - JSONPath: .status.version - description: Beat version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: beat.k8s.elastic.co names: categories: @@ -981,273 +1134,223 @@ spec: - beat singular: beat scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Beat is the Schema for the Beats API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BeatSpec defines the desired state of a Beat. - properties: - config: - description: Config holds the Beat configuration. At most one of [`Config`, - `ConfigRef`] can be specified. - type: object - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Beat configuration. Beat settings must be specified - as yaml, under a single "beat.yml" entry. At most one of [`Config`, - `ConfigRef`] can be specified. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - daemonSet: - description: DaemonSet specifies the Beat should be deployed as a DaemonSet, - and allows providing its spec. Cannot be used along with `deployment`. - If both are absent a default for the Type is used. - properties: - updateStrategy: - description: DaemonSetUpdateStrategy is a struct used to control - the update strategy for a DaemonSet. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - type = "RollingUpdate". --- TODO: Update this to follow our - convention for oneOf, whatever we decide it to be. Same as - Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of DaemonSet pods that - can be unavailable during the update. Value can be an - absolute number (ex: 5) or a percentage of total number - of DaemonSet pods at the start of the update (ex: 10%). - Absolute number is calculated from percentage by rounding - up. This cannot be 0. Default value is 1. Example: when - this is set to 30%, at most 30% of the total number of - nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given - time. The update starts by stopping at most 30% of those - DaemonSet pods and then brings up new DaemonSet pods in - their place. Once the new pods are available, it then - proceeds onto other DaemonSet pods, thus ensuring that - at least 70% of original number of DaemonSet pods are - available at all times during the update.' - type: object - type: - description: Type of daemon set update. Can be "RollingUpdate" - or "OnDelete". Default is RollingUpdate. - type: string - type: object - type: object - deployment: - description: Deployment specifies the Beat should be deployed as a Deployment, - and allows providing its spec. Cannot be used along with `daemonSet`. - If both are absent a default for the Type is used. - properties: - replicas: - format: int32 - type: integer - strategy: - description: DeploymentStrategy describes how to replace existing - pods with new ones. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if - DeploymentStrategyType = RollingUpdate. --- TODO: Update this - to follow our convention for oneOf, whatever we decide it - to be.' - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be scheduled - above the desired number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: 10%). - This can not be 0 if MaxUnavailable is 0. Absolute number - is calculated from percentage by rounding up. Defaults - to 25%. Example: when this is set to 30%, the new ReplicaSet - can be scaled up immediately when the rolling update starts, - such that the total number of old and new pods do not - exceed 130% of desired pods. Once old pods have been killed, - new ReplicaSet can be scaled up further, ensuring that - total number of pods running at any time during the update - is at most 130% of desired pods.' - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be unavailable - during the update. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). Absolute - number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: - when this is set to 30%, the old ReplicaSet can be scaled - down to 70% of desired pods immediately when the rolling - update starts. Once new pods are ready, old ReplicaSet - can be scaled down further, followed by scaling up the - new ReplicaSet, ensuring that the total number of pods - available at all times during the update is at least 70% - of desired pods.' - type: object - type: - description: Type of deployment. Can be "Recreate" or "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - type: object - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - image: - description: Image is the Beat Docker image to deploy. Version and Type - have to match the Beat in the image. - type: string - kibanaRef: - description: KibanaRef is a reference to a Kibana instance running in - the same Kubernetes cluster. It allows automatic setup of dashboards - and visualizations. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - secureSettings: - description: SecureSettings is a list of references to Kubernetes Secrets - containing sensitive configuration options for the Beat. Secrets data - can be then referenced in the Beat config using the Secret's keys - or as specified in `Entries` field of each SecureSetting. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: available + type: integer + - description: Expected nodes + jsonPath: .status.expectedNodes + name: expected + type: integer + - description: Beat type + jsonPath: .spec.type + name: type + type: string + - description: Beat version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Beat is the Schema for the Beats API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BeatSpec defines the desired state of a Beat. + properties: + config: + description: Config holds the Beat configuration. At most one of [`Config`, `ConfigRef`] can be specified. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes Secret holding the Beat configuration. Beat settings must be specified as yaml, under a single "beat.yml" entry. At most one of [`Config`, `ConfigRef`] can be specified. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array secretName: description: SecretName is the name of the secret. type: string + type: object + daemonSet: + description: DaemonSet specifies the Beat should be deployed as a DaemonSet, and allows providing its spec. Cannot be used along with `deployment`. If both are absent a default for the Type is used. + properties: + podTemplate: + description: PodTemplateSpec describes the data a pod should have when created from a template + type: object + x-kubernetes-preserve-unknown-fields: true + updateStrategy: + description: DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if type = "RollingUpdate". --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be. Same as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. This is beta field and enabled/disabled by DaemonSetUpdateSurge feature gate.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. + type: string + type: object + type: object + deployment: + description: Deployment specifies the Beat should be deployed as a Deployment, and allows providing its spec. Cannot be used along with `daemonSet`. If both are absent a default for the Type is used. + properties: + podTemplate: + description: PodTemplateSpec describes the data a pod should have when created from a template + type: object + x-kubernetes-preserve-unknown-fields: true + replicas: + format: int32 + type: integer + strategy: + description: DeploymentStrategy describes how to replace existing pods with new ones. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be.' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. + type: string + type: object + type: object + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. + type: string required: - - secretName + - name type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to Elasticsearch resource in a different namespace. Can only - be used if ECK is enforcing RBAC on references. - type: string - type: - description: Type is the type of the Beat to deploy (filebeat, metricbeat, - heartbeat, auditbeat, journalbeat, packetbeat, etc.). Any string can - be used, but well-known types will have the image field defaulted - and have the appropriate Elasticsearch roles created automatically. - It also allows for dashboard setup when combined with a `KibanaRef`. - maxLength: 20 - pattern: '[a-zA-Z0-9-]+' - type: string - version: - description: Version of the Beat. - type: string - required: - - type - - version - type: object - status: - description: BeatStatus defines the observed state of a Beat. - properties: - availableNodes: - format: int32 - type: integer - elasticsearchAssociationStatus: - description: AssociationStatus is the status of an association resource. - type: string - expectedNodes: - format: int32 - type: integer - health: - type: string - kibanaAssociationStatus: - description: AssociationStatus is the status of an association resource. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1beta1 - versions: - - name: v1beta1 + image: + description: Image is the Beat Docker image to deploy. Version and Type have to match the Beat in the image. + type: string + kibanaRef: + description: KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster. It allows automatic setup of dashboards and visualizations. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. + type: string + required: + - name + type: object + secureSettings: + description: SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Beat. Secrets data can be then referenced in the Beat config using the Secret's keys or as specified in `Entries` field of each SecureSetting. + items: + description: SecretSource defines a data source based on a Kubernetes Secret. + properties: + entries: + description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current resource to Elasticsearch resource in a different namespace. Can only be used if ECK is enforcing RBAC on references. + type: string + type: + description: Type is the type of the Beat to deploy (filebeat, metricbeat, heartbeat, auditbeat, journalbeat, packetbeat, etc.). Any string can be used, but well-known types will have the image field defaulted and have the appropriate Elasticsearch roles created automatically. It also allows for dashboard setup when combined with a `KibanaRef`. + maxLength: 20 + pattern: '[a-zA-Z0-9-]+' + type: string + version: + description: Version of the Beat. + type: string + required: + - type + - version + type: object + status: + description: BeatStatus defines the observed state of a Beat. + properties: + availableNodes: + format: int32 + type: integer + elasticsearchAssociationStatus: + description: AssociationStatus is the status of an association resource. + type: string + expectedNodes: + format: int32 + type: integer + health: + type: string + kibanaAssociationStatus: + description: AssociationStatus is the status of an association resource. + type: string + version: + description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -1255,34 +1358,19 @@ status: conditions: [] storedVersions: [] --- -# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +# Source: eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'elastic-operator' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' + app.kubernetes.io/version: '2.0.0' name: elasticmapsservers.maps.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: ElasticMapsServer version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: maps.k8s.elastic.co names: categories: @@ -1294,523 +1382,315 @@ spec: - ems singular: elasticmapsserver scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: ElasticMapsServer represents an Elastic Map Server resource in - a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MapsSpec holds the specification of an Elastic Maps Server - instance. - properties: - config: - description: 'Config holds the ElasticMapsServer configuration. See: - https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#elastic-maps-server-configuration' - type: object - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Elastic Maps Server configuration. Configuration - settings are merged and have precedence over settings specified in - `config`. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - count: - description: Count of Elastic Maps Server instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Elastic Maps - Server. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: ElasticMapsServer version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ElasticMapsServer represents an Elastic Map Server resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MapsSpec holds the specification of an Elastic Maps Server instance. + properties: + config: + description: 'Config holds the ElasticMapsServer configuration. See: https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#elastic-maps-server-configuration' + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes Secret holding the Elastic Maps Server configuration. Configuration settings are merged and have precedence over settings specified in `config`. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + description: Count of Elastic Maps Server instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Elastic Maps Server. + properties: + service: + description: Service defines the template for the associated Kubernetes Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's port. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). + appProtocol: + description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. format: int32 type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations of session affinity. properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string + clientIP: + description: clientIP contains the configurations of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Elastic Maps Server Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Elastic Maps - Server pods - type: object - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of Elastic Maps Server. - type: string - required: - - version - type: object - status: - description: MapsStatus defines the observed state of Elastic Maps Server - properties: - associationStatus: - description: AssociationStatus is the status of an association resource. - type: string - availableNodes: - description: AvailableNodes is the number of available replicas in the - deployment. - format: int32 - type: integer - health: - description: Health of the deployment. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: 'elastic-operator' + type: + description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Elastic Maps Server Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Elastic Maps Server pods + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is used to check access from the current resource to a resource (eg. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Elastic Maps Server. + type: string + required: + - version + type: object + status: + description: MapsStatus defines the observed state of Elastic Maps Server + properties: + associationStatus: + description: AssociationStatus is the status of an association resource. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is the actual number of observed instances of the scaled object. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + selector: + description: Selector is the label selector used to find all pods. + type: string + version: + description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.' + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.count + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +# Source: eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: 'elastic-operator' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' + app.kubernetes.io/version: '2.0.0' name: elasticsearches.elasticsearch.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: Elasticsearch version - name: version - type: string - - JSONPath: .status.phase - name: phase - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: elasticsearch.k8s.elastic.co names: categories: @@ -1822,1256 +1702,1458 @@ spec: - es singular: elasticsearch scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Elasticsearch represents an Elasticsearch resource in a Kubernetes - cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ElasticsearchSpec holds the specification of an Elasticsearch - cluster. - properties: - auth: - description: Auth contains user authentication and authorization security - settings for Elasticsearch. - properties: - fileRealm: - description: FileRealm to propagate to the Elasticsearch cluster. - items: - description: FileRealmSource references users to create in the - Elasticsearch cluster. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - type: array - roles: - description: Roles to propagate to the Elasticsearch cluster. - items: - description: RoleSource references roles to create in the Elasticsearch - cluster. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - type: array - type: object - http: - description: HTTP holds HTTP layer settings for Elasticsearch. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Elasticsearch version + jsonPath: .status.version + name: version + type: string + - jsonPath: .status.phase + name: phase + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Elasticsearch represents an Elasticsearch resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ElasticsearchSpec holds the specification of an Elasticsearch cluster. + properties: + auth: + description: Auth contains user authentication and authorization security settings for Elasticsearch. + properties: + fileRealm: + description: FileRealm to propagate to the Elasticsearch cluster. + items: + description: FileRealmSource references users to create in the Elasticsearch cluster. properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port - type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). - format: int32 - type: integer - type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + secretName: + description: SecretName is the name of the secret. type: string type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." + type: array + roles: + description: Roles to propagate to the Elasticsearch cluster. + items: + description: RoleSource references roles to create in the Elasticsearch cluster. properties: secretName: description: SecretName is the name of the secret. type: string type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. - properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string - type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Elasticsearch Docker image to deploy. - type: string - nodeSets: - description: NodeSets allow specifying groups of Elasticsearch nodes - sharing the same configuration and Pod templates. - items: - description: NodeSet is the specification for a group of Elasticsearch - nodes sharing the same configuration and a Pod template. + type: array + type: object + http: + description: HTTP holds HTTP layer settings for Elasticsearch. properties: - config: - description: Config holds the Elasticsearch configuration. - type: object - count: - description: Count of Elasticsearch nodes to deploy. If the node - set is managed by an autoscaling policy the initial value is - automatically set by the autoscaling controller. - format: int32 - type: integer - name: - description: Name of this set of nodes. Becomes a part of the - Elasticsearch node.name setting. - maxLength: 23 - pattern: '[a-zA-Z0-9-]+' - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, - annotations, affinity rules, resource requests, and so on) for - the Pods belonging to this NodeSet. - type: object - volumeClaimTemplates: - description: VolumeClaimTemplates is a list of persistent volume - claims to be used by each Pod in this NodeSet. Every claim in - this list must have a matching volumeMount in one of the containers - defined in the PodTemplate. Items defined here take precedence - over any default claims added by the operator with the same - name. - items: - description: PersistentVolumeClaim is a user's request for and - claim to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: - description: 'Spec defines the desired characteristics of - a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'AccessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) * An existing - custom resource that implements data population (Alpha) - In order to use custom resource types that implement - data population, the AnyVolumeDataSource feature gate - must be enabled. If the provisioner or an external - controller can support the specified data source, - it will create a new volume based on the contents - of the specified data source.' + service: + description: Service defines the template for the associated Kubernetes Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's port. properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced + appProtocol: + description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. type: string name: - description: Name is the name of resource being - referenced + description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true required: - - kind - - name - type: object - resources: - description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object + - port type: object - selector: - description: A label query over volumes to consider - for binding. + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry in a x509 certificate. properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string type: object - storageClassName: - description: 'Name of the StorageClass required by the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: array + type: object + type: object + type: object + image: + description: Image is the Elasticsearch Docker image to deploy. + type: string + monitoring: + description: Monitoring enables you to collect and ship log and monitoring data of this Elasticsearch cluster. See https://www.elastic.co/guide/en/elasticsearch/reference/current/monitor-elasticsearch-cluster.html. Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different Elasticsearch monitoring clusters running in the same Kubernetes cluster. + properties: + logs: + description: Logs holds references to Elasticsearch clusters which receive log data from this Elasticsearch cluster. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes object. + properties: + name: + description: Name of the Kubernetes object. type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is implied - when not included in claim spec. + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string - volumeName: - description: VolumeName is the binding reference to - the PersistentVolume backing this claim. + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. type: string + required: + - name type: object - status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: array + type: object + metrics: + description: Metrics holds references to Elasticsearch clusters which receive monitoring data from this Elasticsearch cluster. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes object. properties: - accessModes: - description: 'AccessModes contains the actual access - modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. + type: string + required: + - name + type: object + type: array + type: object + type: object + nodeSets: + description: NodeSets allow specifying groups of Elasticsearch nodes sharing the same configuration and Pod templates. + items: + description: NodeSet is the specification for a group of Elasticsearch nodes sharing the same configuration and a Pod template. + properties: + config: + description: Config holds the Elasticsearch configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of Elasticsearch nodes to deploy. If the node set is managed by an autoscaling policy the initial value is automatically set by the autoscaling controller. + format: int32 + type: integer + name: + description: Name of this set of nodes. Becomes a part of the Elasticsearch node.name setting. + maxLength: 23 + pattern: '[a-zA-Z0-9-]+' + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Pods belonging to this NodeSet. + type: object + x-kubernetes-preserve-unknown-fields: true + volumeClaimTemplates: + description: VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet. Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate. Items defined here take precedence over any default claims added by the operator with the same name. + items: + description: PersistentVolumeClaim is a user's request for and claim to a persistent volume + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: type: string - type: array - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - description: Represents the actual resources of the - underlying volume. - type: object - conditions: - description: Current Condition of persistent volume - claim. If underlying persistent volume is being resized - then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails - details about state of pvc + namespace: + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.' properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string - lastTransitionTime: - description: Last time the condition transitioned - from one status to another. - format: date-time + kind: + description: Kind is the type of resource being referenced type: string - message: - description: Human-readable message indicating - details about last transition. + name: + description: Name is the name of resource being referenced type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason - for condition's last transition. If it reports - "ResizeStarted" that means the underlying persistent - volume is being resized. + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string - status: + kind: + description: Kind is the type of resource being referenced type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + name: + description: Name is the name of resource being referenced type: string required: - - status - - type + - kind + - name type: object - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - type: object - type: object - type: array - required: - - name - type: object - minItems: 1 - type: array - podDisruptionBudget: - description: PodDisruptionBudget provides access to the default pod - disruption budget for the Elasticsearch cluster. The default budget - selects all cluster pods and sets `maxUnavailable` to 1. To disable, - set `PodDisruptionBudget` to the empty value (`{}` in YAML). - properties: - metadata: - description: ObjectMeta is the metadata of the PDB. The name and - namespace provided here are managed by ECK and will be ignored. - type: object - spec: - description: Spec is the specification of the PDB. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at most "maxUnavailable" - pods selected by "selector" are unavailable after the eviction, - i.e. even in absence of the evicted pod. For example, one - can prevent all voluntary evictions by specifying 0. This - is a mutually exclusive setting with "minAvailable". - minAvailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at least "minAvailable" - pods selected by "selector" will still be available after - the eviction, i.e. even in the absence of the evicted pod. So - for example you can prevent all voluntary evictions by specifying - "100%". - selector: - description: Label query over pods whose evictions are managed - by the disruption budget. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. + resources: + description: 'Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array - required: - - key - - operator + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: The storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the underlying volume. + type: object + conditions: + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + resizeStatus: + description: ResizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. + type: string type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object + type: object + type: array + required: + - name type: object - type: object - remoteClusters: - description: RemoteClusters enables you to establish uni-directional - connections to a remote Elasticsearch cluster. - items: - description: RemoteCluster declares a remote Elasticsearch cluster - connection. + minItems: 1 + type: array + podDisruptionBudget: + description: PodDisruptionBudget provides access to the default pod disruption budget for the Elasticsearch cluster. The default budget selects all cluster pods and sets `maxUnavailable` to 1. To disable, set `PodDisruptionBudget` to the empty value (`{}` in YAML). properties: - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch - cluster running within the same k8s cluster. + metadata: + description: ObjectMeta is the metadata of the PDB. The name and namespace provided here are managed by ECK and will be ignored. properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object name: - description: Name of the Kubernetes object. type: string namespace: - description: Namespace of the Kubernetes object. If empty, - defaults to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes - service which will be used to make requests to the referenced - object. It has to be in the same namespace as the referenced - resource. If left empty the default HTTP service of the - referenced resource will be used. type: string - required: - - name type: object - name: - description: Name is the name of the remote cluster as it is set - in the Elasticsearch settings. The name is expected to be unique - for each remote clusters. - minLength: 1 - type: string - required: - - name + spec: + description: Spec is the specification of the PDB. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable". + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%". + x-kubernetes-int-or-string: true + selector: + description: Label query over pods whose evictions are managed by the disruption budget. A null selector selects no pods. An empty selector ({}) also selects no pods, which differs from standard behavior of selecting all pods. In policy/v1, an empty selector will select all pods in the namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + type: object type: object - type: array - secureSettings: - description: SecureSettings is a list of references to Kubernetes secrets - containing sensitive configuration options for Elasticsearch. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. - properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. + remoteClusters: + description: RemoteClusters enables you to establish uni-directional connections to a remote Elasticsearch cluster. + items: + description: RemoteCluster declares a remote Elasticsearch cluster connection. + properties: + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster running within the same k8s cluster. properties: - key: - description: Key is the key contained in the secret. + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. type: string required: - - key + - name type: object - type: array - secretName: - description: SecretName is the name of the secret. - type: string - required: - - secretName - type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. a remote Elasticsearch cluster) in a different - namespace. Can only be used if ECK is enforcing RBAC on references. - type: string - transport: - description: Transport holds transport layer settings for Elasticsearch. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. + name: + description: Name is the name of the remote cluster as it is set in the Elasticsearch settings. The name is expected to be unique for each remote clusters. + minLength: 1 + type: string + required: + - name + type: object + type: array + secureSettings: + description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Elasticsearch. + items: + description: SecretSource defines a data source based on a Kubernetes Secret. properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: + entries: + description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current resource to a resource (eg. a remote Elasticsearch cluster) in a different namespace. Can only be used if ECK is enforcing RBAC on references. + type: string + transport: + description: Transport holds transport layer settings for Elasticsearch. + properties: + service: + description: Service defines the template for the associated Kubernetes Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's port. + properties: + appProtocol: + description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS on the transport layer. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret that contains the CA certificate and private key for generating node certificates. The referenced secret should contain the following: \n - `ca.crt`: The CA certificate in PEM format. - `ca.key`: The private key for the CA certificate in PEM format." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + otherNameSuffix: + description: 'OtherNameSuffix when defined will be prefixed with the Pod name and used as the common name, and the first DNSName, as well as an OtherName required by Elasticsearch in the Subject Alternative Name extension of each Elasticsearch node''s transport TLS certificate. Example: if set to "node.cluster.local", the generated certificate will have its otherName set to ".node.cluster.local".' + type: string + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to include in the generated node transport TLS certificates. + items: + description: SubjectAlternativeName represents a SAN entry in a x509 certificate. properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + updateStrategy: + description: UpdateStrategy specifies how updates to the cluster should be performed. + properties: + changeBudget: + description: ChangeBudget defines the constraints to consider when applying changes to the Elasticsearch cluster. + properties: + maxSurge: + description: MaxSurge is the maximum number of new pods that can be created exceeding the original number of pods defined in the specification. MaxSurge is only taken into consideration when scaling up. Setting a negative value will disable the restriction. Defaults to unbounded if not specified. + format: int32 + type: integer + maxUnavailable: + description: MaxUnavailable is the maximum number of pods that can be unavailable (not ready) during the update due to circumstances under the control of the operator. Setting a negative value will disable this restriction. Defaults to 1 if not specified. + format: int32 + type: integer + type: object + type: object + version: + description: Version of Elasticsearch. + type: string + volumeClaimDeletePolicy: + description: VolumeClaimDeletePolicy sets the policy for handling deletion of PersistentVolumeClaims for all NodeSets. Possible values are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion. Defaults to DeleteOnScaledownAndClusterDeletion. + enum: + - DeleteOnScaledownOnly + - DeleteOnScaledownAndClusterDeletion + type: string + required: + - nodeSets + - version + type: object + status: + description: ElasticsearchStatus defines the observed state of Elasticsearch + properties: + availableNodes: + description: AvailableNodes is the number of available instances. + format: int32 + type: integer + health: + description: ElasticsearchHealth is the health of the cluster as returned by the health API. + type: string + monitoringAssociationStatus: + additionalProperties: + description: AssociationStatus is the status of an association resource. + type: string + description: AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that have a single Association of a given type (for ex. single ES reference), this map contains a single entry. + type: object + phase: + description: ElasticsearchOrchestrationPhase is the phase Elasticsearch is in from the controller point of view. + type: string + version: + description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Elasticsearch version + jsonPath: .spec.version + name: version + type: string + - jsonPath: .status.phase + name: phase + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Elasticsearch represents an Elasticsearch resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ElasticsearchSpec holds the specification of an Elasticsearch cluster. + properties: + http: + description: HTTP holds HTTP layer settings for Elasticsearch. + properties: + service: + description: Service defines the template for the associated Kubernetes Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's port. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). + appProtocol: + description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. format: int32 type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS on the transport - layer. + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Elasticsearch Docker image to deploy. + type: string + nodeSets: + description: NodeSets allow specifying groups of Elasticsearch nodes sharing the same configuration and Pod templates. + items: + description: NodeSet is the specification for a group of Elasticsearch nodes sharing the same configuration and a Pod template. properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the CA certificate and private key for generating - node certificates. The referenced secret should contain the - following: \n - `tls.crt`: The CA certificate in PEM format. - - `tls.key`: The private key for the CA certificate in PEM - format." - properties: - secretName: - description: SecretName is the name of the secret. - type: string + config: + description: Config holds the Elasticsearch configuration. type: object - type: object - type: object - updateStrategy: - description: UpdateStrategy specifies how updates to the cluster should - be performed. - properties: - changeBudget: - description: ChangeBudget defines the constraints to consider when - applying changes to the Elasticsearch cluster. - properties: - maxSurge: - description: MaxSurge is the maximum number of new pods that - can be created exceeding the original number of pods defined - in the specification. MaxSurge is only taken into consideration - when scaling up. Setting a negative value will disable the - restriction. Defaults to unbounded if not specified. - format: int32 - type: integer - maxUnavailable: - description: MaxUnavailable is the maximum number of pods that - can be unavailable (not ready) during the update due to circumstances - under the control of the operator. Setting a negative value - will disable this restriction. Defaults to 1 if not specified. + count: + description: Count of Elasticsearch nodes to deploy. format: int32 + minimum: 1 type: integer + name: + description: Name of this set of nodes. Becomes a part of the Elasticsearch node.name setting. + maxLength: 23 + pattern: '[a-zA-Z0-9-]+' + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Pods belonging to this NodeSet. + type: object + volumeClaimTemplates: + description: VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet. Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate. Items defined here take precedence over any default claims added by the operator with the same name. + items: + description: PersistentVolumeClaim is a user's request for and claim to a persistent volume + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: The storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the underlying volume. + type: object + conditions: + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + resizeStatus: + description: ResizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. + type: string + type: object + type: object + type: array + required: + - count + - name type: object - type: object - version: - description: Version of Elasticsearch. - type: string - volumeClaimDeletePolicy: - description: VolumeClaimDeletePolicy sets the policy for handling deletion - of PersistentVolumeClaims for all NodeSets. Possible values are DeleteOnScaledownOnly - and DeleteOnScaledownAndClusterDeletion. Defaults to DeleteOnScaledownAndClusterDeletion. - enum: - - DeleteOnScaledownOnly - - DeleteOnScaledownAndClusterDeletion - type: string - required: - - nodeSets - - version - type: object - status: - description: ElasticsearchStatus defines the observed state of Elasticsearch - properties: - availableNodes: - description: AvailableNodes is the number of available instances. - format: int32 - type: integer - health: - description: ElasticsearchHealth is the health of the cluster as returned - by the health API. - type: string - phase: - description: ElasticsearchOrchestrationPhase is the phase Elasticsearch - is in from the controller point of view. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true - - name: v1beta1 + minItems: 1 + type: array + podDisruptionBudget: + description: PodDisruptionBudget provides access to the default pod disruption budget for the Elasticsearch cluster. The default budget selects all cluster pods and sets `maxUnavailable` to 1. To disable, set `PodDisruptionBudget` to the empty value (`{}` in YAML). + properties: + metadata: + description: ObjectMeta is the metadata of the PDB. The name and namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the PDB. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable". + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + description: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%". + x-kubernetes-int-or-string: true + selector: + description: Label query over pods whose evictions are managed by the disruption budget. A null selector selects no pods. An empty selector ({}) also selects no pods, which differs from standard behavior of selecting all pods. In policy/v1, an empty selector will select all pods in the namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + type: object + type: object + secureSettings: + description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Elasticsearch. + items: + description: SecretSource defines a data source based on a Kubernetes Secret. + properties: + entries: + description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + updateStrategy: + description: UpdateStrategy specifies how updates to the cluster should be performed. + properties: + changeBudget: + description: ChangeBudget defines the constraints to consider when applying changes to the Elasticsearch cluster. + properties: + maxSurge: + description: MaxSurge is the maximum number of new pods that can be created exceeding the original number of pods defined in the specification. MaxSurge is only taken into consideration when scaling up. Setting a negative value will disable the restriction. Defaults to unbounded if not specified. + format: int32 + type: integer + maxUnavailable: + description: MaxUnavailable is the maximum number of pods that can be unavailable (not ready) during the update due to circumstances under the control of the operator. Setting a negative value will disable this restriction. Defaults to 1 if not specified. + format: int32 + type: integer + type: object + type: object + version: + description: Version of Elasticsearch. + type: string + required: + - nodeSets + type: object + status: + description: ElasticsearchStatus defines the observed state of Elasticsearch + properties: + availableNodes: + format: int32 + type: integer + health: + description: ElasticsearchHealth is the health of the cluster as returned by the health API. + type: string + phase: + description: ElasticsearchOrchestrationPhase is the phase Elasticsearch is in from the controller point of view. + type: string + type: object + type: object served: true storage: false + subresources: + status: {} - name: v1alpha1 + schema: + openAPIV3Schema: + description: to not break compatibility when upgrading from previous versions of the CRD + type: object served: false storage: false status: @@ -3081,34 +3163,19 @@ status: conditions: [] storedVersions: [] --- -# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +# Source: eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'elastic-operator' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' + app.kubernetes.io/version: '2.0.0' name: enterprisesearches.enterprisesearch.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: Enterprise Search version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: enterprisesearch.k8s.elastic.co names: categories: @@ -3120,489 +3187,581 @@ spec: - ent singular: enterprisesearch scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise Search. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: EnterpriseSearchSpec holds the specification of an Enterprise - Search resource. - properties: - config: - description: Config holds the Enterprise Search configuration. - type: object - configRef: - description: ConfigRef contains a reference to an existing Kubernetes - Secret holding the Enterprise Search configuration. Configuration - settings are merged and have precedence over settings specified in - `config`. - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - count: - description: Count of Enterprise Search instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to the Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Enterprise - Search resource. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Enterprise Search version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + schema: + openAPIV3Schema: + description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise Search. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EnterpriseSearchSpec holds the specification of an Enterprise Search resource. + properties: + config: + description: Config holds the Enterprise Search configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes Secret holding the Enterprise Search configuration. Configuration settings are merged and have precedence over settings specified in `config`. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + description: Count of Enterprise Search instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the Elasticsearch cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Enterprise Search resource. + properties: + service: + description: Service defines the template for the associated Kubernetes Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's port. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). + appProtocol: + description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' format: int32 type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations of session affinity. properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string + clientIP: + description: clientIP contains the configurations of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object type: object - type: array - type: object - type: object - type: object - image: - description: Image is the Enterprise Search Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Enterprise Search - pods. - type: object - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of Enterprise Search. - type: string - type: object - status: - description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch - properties: - associationStatus: - description: Association is the status of any auto-linking to Elasticsearch - clusters. - type: string - availableNodes: - description: AvailableNodes is the number of available replicas in the - deployment. - format: int32 - type: integer - health: - description: Health of the deployment. - type: string - service: - description: ExternalService is the name of the service associated to - the Enterprise Search Pods. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1 - versions: - - name: v1 + type: + description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Enterprise Search Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Enterprise Search pods. + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is used to check access from the current resource to a resource (eg. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Enterprise Search. + type: string + type: object + status: + description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch + properties: + associationStatus: + description: Association is the status of any auto-linking to Elasticsearch clusters. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is the actual number of observed instances of the scaled object. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + selector: + description: Selector is the label selector used to find all pods. + type: string + service: + description: ExternalService is the name of the service associated to the Enterprise Search Pods. + type: string + version: + description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: true - - name: v1beta1 + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.count + status: {} + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Enterprise Search version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise Search. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EnterpriseSearchSpec holds the specification of an Enterprise Search resource. + properties: + config: + description: Config holds the Enterprise Search configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + configRef: + description: ConfigRef contains a reference to an existing Kubernetes Secret holding the Enterprise Search configuration. Configuration settings are merged and have precedence over settings specified in `config`. + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + count: + description: Count of Enterprise Search instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to the Elasticsearch cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Enterprise Search resource. + properties: + service: + description: Service defines the template for the associated Kubernetes Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's port. + properties: + appProtocol: + description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Enterprise Search Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Enterprise Search pods. + type: object + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + description: ServiceAccountName is used to check access from the current resource to a resource (eg. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Enterprise Search. + type: string + type: object + status: + description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch + properties: + associationStatus: + description: Association is the status of any auto-linking to Elasticsearch clusters. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is the actual number of observed instances of the scaled object. + format: int32 + type: integer + health: + description: Health of the deployment. + type: string + selector: + description: Selector is the label selector used to find all pods. + type: string + service: + description: ExternalService is the name of the service associated to the Enterprise Search Pods. + type: string + version: + description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.' + type: string + type: object + type: object served: true storage: false + subresources: + status: {} status: acceptedNames: kind: "" @@ -3610,34 +3769,19 @@ status: conditions: [] storedVersions: [] --- -# Source: eck-operator/charts/eck-operator-crds/templates/all-crds.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +# Source: eck-operator-crds/templates/all-crds.yaml +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null labels: app.kubernetes.io/instance: 'elastic-operator' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '1.6.0' + app.kubernetes.io/version: '2.0.0' name: kibanas.kibana.k8s.elastic.co spec: - additionalPrinterColumns: - - JSONPath: .status.health - name: health - type: string - - JSONPath: .status.availableNodes - description: Available nodes - name: nodes - type: integer - - JSONPath: .status.version - description: Kibana version - name: version - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date group: kibana.k8s.elastic.co names: categories: @@ -3649,510 +3793,680 @@ spec: - kb singular: kibana scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Kibana represents a Kibana resource in a Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KibanaSpec holds the specification of a Kibana instance. - properties: - config: - description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' - type: object - count: - description: Count of Kibana instances to deploy. - format: int32 - type: integer - elasticsearchRef: - description: ElasticsearchRef is a reference to an Elasticsearch cluster - running in the same Kubernetes cluster. - properties: - name: - description: Name of the Kubernetes object. - type: string - namespace: - description: Namespace of the Kubernetes object. If empty, defaults - to the current namespace. - type: string - serviceName: - description: ServiceName is the name of an existing Kubernetes service - which will be used to make requests to the referenced object. - It has to be in the same namespace as the referenced resource. - If left empty the default HTTP service of the referenced resource - will be used. - type: string - required: - - name - type: object - http: - description: HTTP holds the HTTP layer configuration for Kibana. - properties: - service: - description: Service defines the template for the associated Kubernetes - Service object. - properties: - metadata: - description: ObjectMeta is the metadata of the service. The - name and namespace provided here are managed by ECK and will - be ignored. - type: object - spec: - description: Spec is the specification of the service. - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. - allocateLoadBalancerNodePorts may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. This field is alpha-level - and is only honored by servers that enable the ServiceLBNodePortControl - feature. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n Unless the \"IPv6DualStack\" feature - gate is enabled, this field is limited to one value, which - must be the same as the clusterIP field. If the feature - gate is enabled, this field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs - must correspond to the values of the ipFamilies field. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires Type to be - type: string - externalTrafficPolicy: - description: externalTrafficPolicy denotes if this Service - desires to route external traffic to node-local or cluster-wide - endpoints. "Local" preserves the client source IP and - avoids a second hop for LoadBalancer and Nodeport type - services, but risks potentially imbalanced traffic spreading. - "Cluster" obscures the client source IP and may cause - a second hop to another node, but should have good overall - load-spreading. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). - format: int32 - type: integer - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service, and is gated by - the \"IPv6DualStack\" feature gate. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service, and is gated by - the "IPv6DualStack" feature gate. If there is no value - provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified in - this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be ignored - if the cloud-provider does not support the feature.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. This is - a beta field that is guarded by the ServiceAppProtocol - feature gate and enabled by default. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - required: - - port + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Kibana version + jsonPath: .status.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Kibana represents a Kibana resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KibanaSpec holds the specification of a Kibana instance. + properties: + config: + description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of Kibana instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster running in the same Kubernetes cluster. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. + type: string + required: + - name + type: object + enterpriseSearchRef: + description: EnterpriseSearchRef is a reference to an EnterpriseSearch running in the same Kubernetes cluster. Kibana provides the default Enterprise Search UI starting version 7.14. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. + type: string + required: + - name + type: object + http: + description: HTTP holds the HTTP layer configuration for Kibana. + properties: + service: + description: Service defines the template for the associated Kubernetes Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string type: object - type: array - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's port. properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). + appProtocol: + description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. format: int32 type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port type: object - type: object - topologyKeys: - description: topologyKeys is a preference-order list of - topology keys which implementations of services should - use to preferentially sort endpoints when accessing this - Service, it can not be used at the same time as externalTrafficPolicy=Local. - Topology keys must be valid label keys and at most 16 - keys may be specified. Endpoints are chosen based on the - first topology key with available backends. If this field - is specified and all entries have no backends that match - the topology of the client, the service has no backends - for that client and connections should fail. The special - value "*" may be used to mean "any topology". This catch-all - value, if used, only makes sense as the last value in - the list. If this is not specified or empty, no topology - constraints will be applied. This field is alpha-level - and is only honored by servers that enable the ServiceTopology - feature. - items: - type: string - type: array - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - type: object - tls: - description: TLS defines options for configuring TLS for HTTP. - properties: - certificate: - description: "Certificate is a reference to a Kubernetes secret - that contains the certificate and private key for enabling - TLS. The referenced secret should contain the following: \n - - `ca.crt`: The certificate authority (optional). - `tls.crt`: - The certificate (or a chain). - `tls.key`: The private key - to the first certificate in the certificate chain." - properties: - secretName: - description: SecretName is the name of the secret. - type: string - type: object - selfSignedCertificate: - description: SelfSignedCertificate allows configuring the self-signed - certificate generated by the operator. - properties: - disabled: - description: Disabled indicates that the provisioning of - the self-signed certifcate should be disabled. - type: boolean - subjectAltNames: - description: SubjectAlternativeNames is a list of SANs to - include in the generated HTTP TLS certificate. - items: - description: SubjectAlternativeName represents a SAN entry - in a x509 certificate. + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations of session affinity. properties: - dns: - description: DNS is the DNS name of the subject. - type: string - ip: - description: IP is the IP address of the subject. - type: string + clientIP: + description: clientIP contains the configurations of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object type: object - type: array - type: object + type: + description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Kibana Docker image to deploy. + type: string + monitoring: + description: Monitoring enables you to collect and ship log and monitoring data of this Kibana. See https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html. Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different Elasticsearch monitoring clusters running in the same Kubernetes cluster. + properties: + logs: + description: Logs holds references to Elasticsearch clusters which will receive log data from this Kibana. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes object. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. + type: string + required: + - name + type: object + type: array + type: object + metrics: + description: Metrics holds references to Elasticsearch clusters which will receive monitoring data from this Kibana. + properties: + elasticsearchRefs: + description: ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported. + items: + description: ObjectSelector defines a reference to a Kubernetes object. + properties: + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. + type: string + serviceName: + description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used. + type: string + required: + - name + type: object + type: array + type: object + type: object + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Kibana pods + type: object + x-kubernetes-preserve-unknown-fields: true + secureSettings: + description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Kibana. + items: + description: SecretSource defines a data source based on a Kubernetes Secret. + properties: + entries: + description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName type: object - type: object - image: - description: Image is the Kibana Docker image to deploy. - type: string - podTemplate: - description: PodTemplate provides customisation options (labels, annotations, - affinity rules, resource requests, and so on) for the Kibana pods - type: object - secureSettings: - description: SecureSettings is a list of references to Kubernetes secrets - containing sensitive configuration options for Kibana. - items: - description: SecretSource defines a data source based on a Kubernetes - Secret. + type: array + serviceAccountName: + description: ServiceAccountName is used to check access from the current resource to a resource (eg. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. + type: string + version: + description: Version of Kibana. + type: string + required: + - version + type: object + status: + description: KibanaStatus defines the observed state of Kibana + properties: + associationStatus: + description: AssociationStatus is the status of any auto-linking to Elasticsearch clusters. This field is deprecated and will be removed in a future release. Use ElasticsearchAssociationStatus instead. + type: string + availableNodes: + description: AvailableNodes is the number of available replicas in the deployment. + format: int32 + type: integer + count: + description: Count corresponds to Scale.Status.Replicas, which is the actual number of observed instances of the scaled object. + format: int32 + type: integer + elasticsearchAssociationStatus: + description: ElasticsearchAssociationStatus is the status of any auto-linking to Elasticsearch clusters. + type: string + enterpriseSearchAssociationStatus: + description: EnterpriseSearchAssociationStatus is the status of any auto-linking to Enterprise Search. + type: string + health: + description: Health of the deployment. + type: string + monitoringAssociationStatus: + additionalProperties: + description: AssociationStatus is the status of an association resource. + type: string + description: MonitoringAssociationStatus is the status of any auto-linking to monitoring Elasticsearch clusters. + type: object + selector: + description: Selector is the label selector used to find all pods. + type: string + version: + description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.' + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.count + statusReplicasPath: .status.count + status: {} + - additionalPrinterColumns: + - jsonPath: .status.health + name: health + type: string + - description: Available nodes + jsonPath: .status.availableNodes + name: nodes + type: integer + - description: Kibana version + jsonPath: .spec.version + name: version + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Kibana represents a Kibana resource in a Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KibanaSpec holds the specification of a Kibana instance. + properties: + config: + description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html' + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count of Kibana instances to deploy. + format: int32 + type: integer + elasticsearchRef: + description: ElasticsearchRef is a reference to an Elasticsearch cluster running in the same Kubernetes cluster. properties: - entries: - description: Entries define how to project each key-value pair - in the secret to filesystem paths. If not defined, all keys - will be projected to similarly named paths in the filesystem. - If defined, only the specified keys will be projected to the - corresponding paths. - items: - description: KeyToPath defines how to map a key in a Secret - object to a filesystem path. - properties: - key: - description: Key is the key contained in the secret. - type: string - path: - description: Path is the relative file path to map the key - to. Path must not be an absolute file path and must not - contain any ".." components. - type: string - required: - - key - type: object - type: array - secretName: - description: SecretName is the name of the secret. + name: + description: Name of the Kubernetes object. + type: string + namespace: + description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string required: - - secretName + - name type: object - type: array - serviceAccountName: - description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. - Can only be used if ECK is enforcing RBAC on references. - type: string - version: - description: Version of Kibana. - type: string - required: - - version - type: object - status: - description: KibanaStatus defines the observed state of Kibana - properties: - associationStatus: - description: AssociationStatus is the status of an association resource. - type: string - availableNodes: - description: AvailableNodes is the number of available replicas in the - deployment. - format: int32 - type: integer - health: - description: Health of the deployment. - type: string - version: - description: 'Version of the stack resource currently running. During - version upgrades, multiple versions may run in parallel: this value - specifies the lowest version currently running.' - type: string - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true - - name: v1beta1 + http: + description: HTTP holds the HTTP layer configuration for Kibana. + properties: + service: + description: Service defines the template for the associated Kubernetes Service object. + properties: + metadata: + description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec is the specification of the service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster". + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's port. + properties: + appProtocol: + description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + tls: + description: TLS defines options for configuring TLS for HTTP. + properties: + certificate: + description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain." + properties: + secretName: + description: SecretName is the name of the secret. + type: string + type: object + selfSignedCertificate: + description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator. + properties: + disabled: + description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled. + type: boolean + subjectAltNames: + description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate. + items: + description: SubjectAlternativeName represents a SAN entry in a x509 certificate. + properties: + dns: + description: DNS is the DNS name of the subject. + type: string + ip: + description: IP is the IP address of the subject. + type: string + type: object + type: array + type: object + type: object + type: object + image: + description: Image is the Kibana Docker image to deploy. + type: string + podTemplate: + description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Kibana pods + type: object + x-kubernetes-preserve-unknown-fields: true + secureSettings: + description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Kibana. + items: + description: SecretSource defines a data source based on a Kubernetes Secret. + properties: + entries: + description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths. + items: + description: KeyToPath defines how to map a key in a Secret object to a filesystem path. + properties: + key: + description: Key is the key contained in the secret. + type: string + path: + description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components. + type: string + required: + - key + type: object + type: array + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: array + version: + description: Version of Kibana. + type: string + type: object + status: + description: KibanaStatus defines the observed state of Kibana + properties: + associationStatus: + description: AssociationStatus is the status of an association resource. + type: string + availableNodes: + format: int32 + type: integer + health: + description: KibanaHealth expresses the status of the Kibana instances. + type: string + type: object + type: object served: true storage: false + subresources: + status: {} - name: v1alpha1 + schema: + openAPIV3Schema: + description: to not break compatibility when upgrading from previous versions of the CRD + type: object served: false storage: false status: @@ -4161,551 +4475,5 @@ status: plural: "" conditions: [] storedVersions: [] ---- -# Source: eck-operator/templates/cluster-roles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: elastic-operator - labels: - control-plane: elastic-operator - app.kubernetes.io/version: "1.6.0" -rules: -- apiGroups: - - "authorization.k8s.io" - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - "" - resources: - - pods - - endpoints - - events - - persistentvolumeclaims - - secrets - - services - - configmaps - - serviceaccounts - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - apps - resources: - - deployments - - statefulsets - - daemonsets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - elasticsearch.k8s.elastic.co - resources: - - elasticsearches - - elasticsearches/status - - elasticsearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP - - enterpriselicenses - - enterpriselicenses/status - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - kibana.k8s.elastic.co - resources: - - kibanas - - kibanas/status - - kibanas/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - apm.k8s.elastic.co - resources: - - apmservers - - apmservers/status - - apmservers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - enterprisesearch.k8s.elastic.co - resources: - - enterprisesearches - - enterprisesearches/status - - enterprisesearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - beat.k8s.elastic.co - resources: - - beats - - beats/status - - beats/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - agent.k8s.elastic.co - resources: - - agents - - agents/status - - agents/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - maps.k8s.elastic.co - resources: - - elasticmapsservers - - elasticmapsservers/status - - elasticmapsservers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -# Source: eck-operator/templates/cluster-roles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "elastic-operator-view" - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-admin: "true" - control-plane: elastic-operator - app.kubernetes.io/version: "1.6.0" -rules: -- apiGroups: ["elasticsearch.k8s.elastic.co"] - resources: ["elasticsearches"] - verbs: ["get", "list", "watch"] -- apiGroups: ["apm.k8s.elastic.co"] - resources: ["apmservers"] - verbs: ["get", "list", "watch"] -- apiGroups: ["kibana.k8s.elastic.co"] - resources: ["kibanas"] - verbs: ["get", "list", "watch"] -- apiGroups: ["enterprisesearch.k8s.elastic.co"] - resources: ["enterprisesearches"] - verbs: ["get", "list", "watch"] -- apiGroups: ["beat.k8s.elastic.co"] - resources: ["beats"] - verbs: ["get", "list", "watch"] -- apiGroups: ["agent.k8s.elastic.co"] - resources: ["agents"] - verbs: ["get", "list", "watch"] -- apiGroups: ["maps.k8s.elastic.co"] - resources: ["elasticmapsservers"] - verbs: ["get", "list", "watch"] ---- -# Source: eck-operator/templates/cluster-roles.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "elastic-operator-edit" - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-admin: "true" - control-plane: elastic-operator - app.kubernetes.io/version: "1.6.0" -rules: -- apiGroups: ["elasticsearch.k8s.elastic.co"] - resources: ["elasticsearches"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] -- apiGroups: ["apm.k8s.elastic.co"] - resources: ["apmservers"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] -- apiGroups: ["kibana.k8s.elastic.co"] - resources: ["kibanas"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] -- apiGroups: ["enterprisesearch.k8s.elastic.co"] - resources: ["enterprisesearches"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] -- apiGroups: ["beat.k8s.elastic.co"] - resources: ["beats"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] -- apiGroups: ["agent.k8s.elastic.co"] - resources: ["agents"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] -- apiGroups: ["maps.k8s.elastic.co"] - resources: ["elasticmapsservers"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] ---- -# Source: eck-operator/templates/role-bindings.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: elastic-operator - labels: - control-plane: elastic-operator - app.kubernetes.io/version: "1.6.0" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: elastic-operator -subjects: -- kind: ServiceAccount - name: elastic-operator - namespace: elastic-system ---- -# Source: eck-operator/templates/webhook.yaml -apiVersion: v1 -kind: Service -metadata: - name: elastic-webhook-server - namespace: elastic-system - labels: - control-plane: elastic-operator - app.kubernetes.io/version: "1.6.0" -spec: - ports: - - name: https - port: 443 - targetPort: 9443 - selector: - control-plane: elastic-operator ---- -# Source: eck-operator/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: elastic-operator - namespace: elastic-system - labels: - control-plane: elastic-operator - app.kubernetes.io/version: "1.6.0" -spec: - selector: - matchLabels: - control-plane: elastic-operator - serviceName: elastic-operator - replicas: 1 - template: - metadata: - annotations: - # Rename the fields "error" to "error.message" and "source" to "event.source" - # This is to avoid a conflict with the ECS "error" and "source" documents. - "co.elastic.logs/raw": "[{\"type\":\"container\",\"json.keys_under_root\":true,\"paths\":[\"/var/log/containers/*${data.kubernetes.container.id}.log\"],\"processors\":[{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"error\",\"to\":\"_error\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_error\",\"to\":\"error.message\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"source\",\"to\":\"_source\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_source\",\"to\":\"event.source\"}]}}]}]" - "checksum/config": 3c2010a9355a35f49003014b553c3315c92569d20875c18788dd85b73a97c6c7 - labels: - control-plane: elastic-operator - spec: - terminationGracePeriodSeconds: 10 - serviceAccountName: elastic-operator - securityContext: - runAsNonRoot: true - containers: - - image: "docker.elastic.co/eck/eck-operator:1.6.0" - imagePullPolicy: IfNotPresent - name: manager - args: - - "manager" - - "--config=/conf/eck.yaml" - - "--distribution-channel=all-in-one" - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: WEBHOOK_SECRET - value: elastic-webhook-server-cert - resources: - limits: - cpu: 1 - memory: 512Mi - requests: - cpu: 100m - memory: 150Mi - ports: - - containerPort: 9443 - name: https-webhook - protocol: TCP - volumeMounts: - - mountPath: "/conf" - name: conf - readOnly: true - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - - name: conf - configMap: - name: elastic-operator - - name: cert - secret: - defaultMode: 420 - secretName: elastic-webhook-server-cert ---- -# Source: eck-operator/templates/webhook.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: elastic-webhook.k8s.elastic.co - labels: - control-plane: elastic-operator - app.kubernetes.io/version: "1.6.0" -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: elastic-webhook-server - namespace: elastic-system - path: /validate-agent-k8s-elastic-co-v1alpha1-agent - failurePolicy: Ignore - name: elastic-agent-validation-v1alpha1.k8s.elastic.co - rules: - - apiGroups: - - agent.k8s.elastic.co - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - agents -- clientConfig: - caBundle: Cg== - service: - name: elastic-webhook-server - namespace: elastic-system - path: /validate-apm-k8s-elastic-co-v1-apmserver - failurePolicy: Ignore - name: elastic-apm-validation-v1.k8s.elastic.co - rules: - - apiGroups: - - apm.k8s.elastic.co - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - apmservers -- clientConfig: - caBundle: Cg== - service: - name: elastic-webhook-server - namespace: elastic-system - path: /validate-apm-k8s-elastic-co-v1beta1-apmserver - failurePolicy: Ignore - name: elastic-apm-validation-v1beta1.k8s.elastic.co - rules: - - apiGroups: - - apm.k8s.elastic.co - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - apmservers -- clientConfig: - caBundle: Cg== - service: - name: elastic-webhook-server - namespace: elastic-system - path: /validate-beat-k8s-elastic-co-v1beta1-beat - failurePolicy: Ignore - name: elastic-beat-validation-v1beta1.k8s.elastic.co - rules: - - apiGroups: - - beat.k8s.elastic.co - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - beats -- clientConfig: - caBundle: Cg== - service: - name: elastic-webhook-server - namespace: elastic-system - path: /validate-enterprisesearch-k8s-elastic-co-v1-enterprisesearch - failurePolicy: Ignore - name: elastic-ent-validation-v1.k8s.elastic.co - rules: - - apiGroups: - - enterprisesearch.k8s.elastic.co - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - enterprisesearches -- clientConfig: - caBundle: Cg== - service: - name: elastic-webhook-server - namespace: elastic-system - path: /validate-enterprisesearch-k8s-elastic-co-v1beta1-enterprisesearch - failurePolicy: Ignore - name: elastic-ent-validation-v1beta1.k8s.elastic.co - rules: - - apiGroups: - - enterprisesearch.k8s.elastic.co - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - enterprisesearches -- clientConfig: - caBundle: Cg== - service: - name: elastic-webhook-server - namespace: elastic-system - path: /validate-elasticsearch-k8s-elastic-co-v1-elasticsearch - failurePolicy: Ignore - name: elastic-es-validation-v1.k8s.elastic.co - rules: - - apiGroups: - - elasticsearch.k8s.elastic.co - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - elasticsearches -- clientConfig: - caBundle: Cg== - service: - name: elastic-webhook-server - namespace: elastic-system - path: /validate-elasticsearch-k8s-elastic-co-v1beta1-elasticsearch - failurePolicy: Ignore - name: elastic-es-validation-v1beta1.k8s.elastic.co - rules: - - apiGroups: - - elasticsearch.k8s.elastic.co - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - elasticsearches -- clientConfig: - caBundle: Cg== - service: - name: elastic-webhook-server - namespace: elastic-system - path: /validate-kibana-k8s-elastic-co-v1-kibana - failurePolicy: Ignore - name: elastic-kb-validation-v1.k8s.elastic.co - rules: - - apiGroups: - - kibana.k8s.elastic.co - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - kibanas -- clientConfig: - caBundle: Cg== - service: - name: elastic-webhook-server - namespace: elastic-system - path: /validate-kibana-k8s-elastic-co-v1beta1-kibana - failurePolicy: Ignore - name: elastic-kb-validation-v1beta1.k8s.elastic.co - rules: - - apiGroups: - - kibana.k8s.elastic.co - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kibanas \ No newline at end of file + +