diff --git a/docs/releases/unreleased.md b/docs/releases/unreleased.md index 3f49fecd..953bb77f 100644 --- a/docs/releases/unreleased.md +++ b/docs/releases/unreleased.md @@ -20,7 +20,7 @@ The distribution is maintained with ❤️ by the team [SIGHUP](https://sighup.i ## New features 🌟 -- TBD +- [[#353](https://github.com/sighupio/fury-distribution/pull/353)] **Add EKS self-managed node pool default override options for IDMS**: add a variable to override the default properies for EKS self-managed node pools. Currently support only the IDMS ones. ## Fixes 🐞 @@ -28,7 +28,6 @@ The distribution is maintained with ❤️ by the team [SIGHUP](https://sighup.i - [[#336](https://github.com/sighupio/fury-distribution/pull/336)] **Fix race condition when deleting Kyverno**: changing the policy module type from `kyverno` to `none` could, sometimes, end up in a race condition where the API for ClusterPolicy CRD is unregistered before the deletion of the ClusterPolicy objects, resulting in an error in the deletion command execution. The deletion command has been tweaked to avoid this condition. - [[#344](https://github.com/sighupio/fury-distribution/pull/344)] **Fix Cidr Block additional firewall rule in EKS Cluster**: remove the limitation to have a single CIDR Block additional firewall rule as the EKS installer supports a list. - [[#348](https://github.com/sighupio/fury-distribution/pull/348)] **Fix `Get previous cluster configuration` failure on first apply**: fixed an issue on `furyctl apply` for on-premises clusters that made it fail with an `ansible-playbook create-playbook.yaml: command failed - exit status 2` error on the very first time it was executed. - ## Upgrade procedure Check the [upgrade docs](https://docs.kubernetesfury.com/docs/installation/upgrades) for the detailed procedure. diff --git a/docs/schemas/ekscluster-kfd-v1alpha2.md b/docs/schemas/ekscluster-kfd-v1alpha2.md index fdf0521a..08917961 100644 --- a/docs/schemas/ekscluster-kfd-v1alpha2.md 
+++ b/docs/schemas/ekscluster-kfd-v1alpha2.md
@@ -5024,6 +5024,7 @@ The network CIDR that will be used to assign IP addresses to the VPN clients whe
 | [nodeAllowedSshPublicKey](#speckubernetesnodeallowedsshpublickey) | `object` | Required |
 | [nodePoolGlobalAmiType](#speckubernetesnodepoolglobalamitype) | `string` | Required |
 | [nodePools](#speckubernetesnodepools) | `array` | Required |
+| [nodePoolsCommon](#speckubernetesnodepoolscommon) | `object` | Optional |
 | [nodePoolsLaunchKind](#speckubernetesnodepoolslaunchkind) | `string` | Required |
 | [serviceIpV4Cidr](#speckubernetesserviceipv4cidr) | `string` | Optional |
 | [subnetIds](#speckubernetessubnetids) | `array` | Optional |
@@ -5775,6 +5776,56 @@ The type of Node Pool, can be `self-managed` for using customization like custom |`"eks-managed"` | |`"self-managed"`| +## .spec.kubernetes.nodePoolsCommon + +### Properties + +| Property | Type | Required | +|:-------------------------------------------------------------------------------------------------|:----------|:---------| +| [metadataHttpEndpoint](#speckubernetesnodepoolscommonmetadatahttpendpoint) | `string` | Optional | +| [metadataHttpPutResponseHopLimit](#speckubernetesnodepoolscommonmetadatahttpputresponsehoplimit) | `integer` | Optional | +| [metadataHttpTokens](#speckubernetesnodepoolscommonmetadatahttptokens) | `string` | Optional | + +### Description + +All the common self-managed node pool definitions. Currently supports only the IMDS properties. + +## .spec.kubernetes.nodePoolsCommon.metadataHttpEndpoint + +### Description + +Specifies whether the instance metadata service (IMDS) is enabled or disabled. When set to 'disabled', instance metadata is not accessible. + +### Constraints + +**enum**: the value of this property must be equal to one of the following string values: + +| Value | +|:-----------| +|`"enabled"` | +|`"disabled"`| + +## .spec.kubernetes.nodePoolsCommon.metadataHttpPutResponseHopLimit + +### Description + +Specifies the maximum number of network hops allowed for instance metadata PUT response packets. This helps control access to instance metadata across different network layers. + +## .spec.kubernetes.nodePoolsCommon.metadataHttpTokens + +### Description + +Defines whether the use of IMDS session tokens is required. When set to 'required', all metadata requests must include a valid session token. + +### Constraints + +**enum**: the value of this property must be equal to one of the following string values: + +| Value | +|:-----------| +|`"optional"`| +|`"required"`| + ## .spec.kubernetes.nodePoolsLaunchKind ### Description 
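Review bot: The `metadataHttpPutResponseHopLimit` section documents no constraint, and none of the three new properties states its default, so a reader cannot tell from this page which values are accepted or what an unset `nodePoolsCommon` leaves in place. EC2 accepts hop limits from 1 to 64, so the schema this page appears to be generated from would ideally carry `"minimum": 1, "maximum": 64`, which should then render as a Constraints block like the ones the two enum properties have. The description could also add a sentence such as `Setting metadataHttpTokens to "required" enforces IMDSv2; a hop limit of 1 keeps token responses from reaching containers that sit one network hop behind the node.` Separately, the changelog entry in the first hunk spells the service "IDMS" where this page uses "IMDS".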
diff --git a/pkg/apis/ekscluster/v1alpha2/private/schema.go b/pkg/apis/ekscluster/v1alpha2/private/schema.go
index a8d20d04..29958261 100644
--- a/pkg/apis/ekscluster/v1alpha2/private/schema.go
+++ b/pkg/apis/ekscluster/v1alpha2/private/schema.go
@@ -10,170 +10,70 @@ import ( "github.com/sighupio/go-jsonschema/pkg/types" ) -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesMonitoringType) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesMonitoringType { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesMonitoringType, v) - } - *j = SpecDistributionModulesMonitoringType(v) - return nil -} +// A KFD Cluster deployed on top of AWS's Elastic Kubernetes Service (EKS). +type EksclusterKfdV1Alpha2 struct { + // ApiVersion corresponds to the JSON schema field "apiVersion". + ApiVersion string `json:"apiVersion" yaml:"apiVersion" mapstructure:"apiVersion"` -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesLoggingType) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesLoggingType { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesLoggingType, v) - } - *j = SpecDistributionModulesLoggingType(v) - return nil -} + // Kind corresponds to the JSON schema field "kind". + Kind EksclusterKfdV1Alpha2Kind `json:"kind" yaml:"kind" mapstructure:"kind"` -type TypesKubeNodeSelector map[string]string + // Metadata corresponds to the JSON schema field "metadata". + Metadata Metadata `json:"metadata" yaml:"metadata" mapstructure:"metadata"` -type SpecDistributionCommonProvider struct { - // The provider type. Don't set. FOR INTERNAL USE ONLY. - Type string `json:"type" yaml:"type" mapstructure:"type"` + // Spec corresponds to the JSON schema field "spec". 
+ Spec Spec `json:"spec" yaml:"spec" mapstructure:"spec"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionCommonProvider) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionCommonProvider: required") - } - type Plain SpecDistributionCommonProvider - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionCommonProvider(plain) - return nil -} +type EksclusterKfdV1Alpha2Kind string -type TypesKubeTolerationEffect string +const EksclusterKfdV1Alpha2KindEKSCluster EksclusterKfdV1Alpha2Kind = "EKSCluster" -var enumValues_TypesKubeTolerationEffect = []interface{}{ - "NoSchedule", - "PreferNoSchedule", - "NoExecute", +type Metadata struct { + // The name of the cluster. It will also be used as a prefix for all the other + // resources created. + Name string `json:"name" yaml:"name" mapstructure:"name"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *TypesKubeTolerationEffect) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_TypesKubeTolerationEffect { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesKubeTolerationEffect, v) - } - *j = TypesKubeTolerationEffect(v) - return nil -} +type Spec struct { + // Distribution corresponds to the JSON schema field "distribution". 
+ Distribution SpecDistribution `json:"distribution" yaml:"distribution" mapstructure:"distribution"` -const ( - TypesKubeTolerationEffectNoSchedule TypesKubeTolerationEffect = "NoSchedule" - TypesKubeTolerationEffectPreferNoSchedule TypesKubeTolerationEffect = "PreferNoSchedule" - TypesKubeTolerationEffectNoExecute TypesKubeTolerationEffect = "NoExecute" -) + // Defines which KFD version will be installed and, in consequence, the Kubernetes + // version used to create the cluster. It supports git tags and branches. Example: + // `v1.30.1`. + DistributionVersion string `json:"distributionVersion" yaml:"distributionVersion" mapstructure:"distributionVersion"` -type TypesKubeTolerationOperator string + // Infrastructure corresponds to the JSON schema field "infrastructure". + Infrastructure *SpecInfrastructure `json:"infrastructure,omitempty" yaml:"infrastructure,omitempty" mapstructure:"infrastructure,omitempty"` -var enumValues_TypesKubeTolerationOperator = []interface{}{ - "Exists", - "Equal", -} + // Kubernetes corresponds to the JSON schema field "kubernetes". + Kubernetes SpecKubernetes `json:"kubernetes" yaml:"kubernetes" mapstructure:"kubernetes"` -// UnmarshalJSON implements json.Unmarshaler. -func (j *TypesKubeTolerationOperator) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_TypesKubeTolerationOperator { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesKubeTolerationOperator, v) - } - *j = TypesKubeTolerationOperator(v) - return nil -} + // Plugins corresponds to the JSON schema field "plugins". 
+ Plugins *SpecPlugins `json:"plugins,omitempty" yaml:"plugins,omitempty" mapstructure:"plugins,omitempty"` -const ( - TypesKubeTolerationOperatorExists TypesKubeTolerationOperator = "Exists" - TypesKubeTolerationOperatorEqual TypesKubeTolerationOperator = "Equal" -) + // Defines in which AWS region the cluster and all the related resources will be + // created. + Region TypesAwsRegion `json:"region" yaml:"region" mapstructure:"region"` -type TypesKubeToleration struct { - // Effect corresponds to the JSON schema field "effect". - Effect TypesKubeTolerationEffect `json:"effect" yaml:"effect" mapstructure:"effect"` + // This map defines which will be the common tags that will be added to all the + // resources created on AWS. + Tags TypesAwsTags `json:"tags,omitempty" yaml:"tags,omitempty" mapstructure:"tags,omitempty"` - // The key of the toleration - Key string `json:"key" yaml:"key" mapstructure:"key"` + // Configuration for tools used by furyctl, like Terraform. + ToolsConfiguration SpecToolsConfiguration `json:"toolsConfiguration" yaml:"toolsConfiguration" mapstructure:"toolsConfiguration"` +} - // Operator corresponds to the JSON schema field "operator". - Operator *TypesKubeTolerationOperator `json:"operator,omitempty" yaml:"operator,omitempty" mapstructure:"operator,omitempty"` +type SpecDistribution struct { + // Common corresponds to the JSON schema field "common". + Common *SpecDistributionCommon `json:"common,omitempty" yaml:"common,omitempty" mapstructure:"common,omitempty"` - // The value of the toleration - Value *string `json:"value,omitempty" yaml:"value,omitempty" mapstructure:"value,omitempty"` -} + // CustomPatches corresponds to the JSON schema field "customPatches". + CustomPatches *SpecDistributionCustompatches `json:"customPatches,omitempty" yaml:"customPatches,omitempty" mapstructure:"customPatches,omitempty"` -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *TypesKubeToleration) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["effect"]; !ok || v == nil { - return fmt.Errorf("field effect in TypesKubeToleration: required") - } - if v, ok := raw["key"]; !ok || v == nil { - return fmt.Errorf("field key in TypesKubeToleration: required") - } - type Plain TypesKubeToleration - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = TypesKubeToleration(plain) - return nil + // Modules corresponds to the JSON schema field "modules". + Modules SpecDistributionModules `json:"modules" yaml:"modules" mapstructure:"modules"` } // Common configuration for all the distribution modules. 
@@ -206,55 +106,12 @@ type SpecDistributionCommon struct { Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` } -type SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior string - -var enumValues_SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior = []interface{}{ - "create", - "replace", - "merge", -} - -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior, v) - } - *j = SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior(v) - return nil +type SpecDistributionCommonProvider struct { + // The provider type. Don't set. FOR INTERNAL USE ONLY. 
+ Type string `json:"type" yaml:"type" mapstructure:"type"` } -const ( - SpecDistributionCustomPatchesConfigMapGeneratorResourceBehaviorCreate SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior = "create" - SpecDistributionCustomPatchesConfigMapGeneratorResourceBehaviorReplace SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior = "replace" - SpecDistributionCustomPatchesConfigMapGeneratorResourceBehaviorMerge SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior = "merge" -) - -type TypesKubeLabels map[string]string - -type SpecDistributionCustomPatchesConfigMapGeneratorResourceOptions struct { - // The annotations of the configmap - Annotations TypesKubeLabels `json:"annotations,omitempty" yaml:"annotations,omitempty" mapstructure:"annotations,omitempty"` - - // If true, the name suffix hash will be disabled - DisableNameSuffixHash *bool `json:"disableNameSuffixHash,omitempty" yaml:"disableNameSuffixHash,omitempty" mapstructure:"disableNameSuffixHash,omitempty"` - - // If true, the configmap will be immutable - Immutable *bool `json:"immutable,omitempty" yaml:"immutable,omitempty" mapstructure:"immutable,omitempty"` - - // The labels of the configmap - Labels TypesKubeLabels `json:"labels,omitempty" yaml:"labels,omitempty" mapstructure:"labels,omitempty"` -} +type SpecDistributionCustomPatchesConfigMapGenerator []SpecDistributionCustomPatchesConfigMapGeneratorResource type SpecDistributionCustomPatchesConfigMapGeneratorResource struct { // The behavior of the configmap 
@@ -279,29 +136,45 @@ type SpecDistributionCustomPatchesConfigMapGeneratorResource struct { Options *SpecDistributionCustomPatchesConfigMapGeneratorResourceOptions `json:"options,omitempty" yaml:"options,omitempty" mapstructure:"options,omitempty"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionCustomPatchesConfigMapGeneratorResource) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecDistributionCustomPatchesConfigMapGeneratorResource: required") - } - type Plain SpecDistributionCustomPatchesConfigMapGeneratorResource - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionCustomPatchesConfigMapGeneratorResource(plain) - return nil -} +type SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior string -type SpecDistributionCustomPatchesConfigMapGenerator []SpecDistributionCustomPatchesConfigMapGeneratorResource +const ( + SpecDistributionCustomPatchesConfigMapGeneratorResourceBehaviorCreate SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior = "create" + SpecDistributionCustomPatchesConfigMapGeneratorResourceBehaviorMerge SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior = "merge" + SpecDistributionCustomPatchesConfigMapGeneratorResourceBehaviorReplace SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior = "replace" +) + +type SpecDistributionCustomPatchesConfigMapGeneratorResourceOptions struct { + // The annotations of the configmap + Annotations TypesKubeLabels `json:"annotations,omitempty" yaml:"annotations,omitempty" mapstructure:"annotations,omitempty"` + + // If true, the name suffix hash will be disabled + DisableNameSuffixHash *bool `json:"disableNameSuffixHash,omitempty" yaml:"disableNameSuffixHash,omitempty" mapstructure:"disableNameSuffixHash,omitempty"` + + // If 
true, the configmap will be immutable + Immutable *bool `json:"immutable,omitempty" yaml:"immutable,omitempty" mapstructure:"immutable,omitempty"` + + // The labels of the configmap + Labels TypesKubeLabels `json:"labels,omitempty" yaml:"labels,omitempty" mapstructure:"labels,omitempty"` +} // Each entry should follow the format of Kustomize's images patch type SpecDistributionCustomPatchesImages []map[string]interface{} +type SpecDistributionCustomPatchesPatch struct { + // Options corresponds to the JSON schema field "options". + Options *SpecDistributionCustomPatchesPatchOptions `json:"options,omitempty" yaml:"options,omitempty" mapstructure:"options,omitempty"` + + // The patch content + Patch *string `json:"patch,omitempty" yaml:"patch,omitempty" mapstructure:"patch,omitempty"` + + // The path of the patch + Path *string `json:"path,omitempty" yaml:"path,omitempty" mapstructure:"path,omitempty"` + + // Target corresponds to the JSON schema field "target". + Target *SpecDistributionCustomPatchesPatchTarget `json:"target,omitempty" yaml:"target,omitempty" mapstructure:"target,omitempty"` +} + type SpecDistributionCustomPatchesPatchOptions struct { // If true, the kind change will be allowed AllowKindChange *bool `json:"allowKindChange,omitempty" yaml:"allowKindChange,omitempty" mapstructure:"allowKindChange,omitempty"` 
@@ -333,73 +206,13 @@ type SpecDistributionCustomPatchesPatchTarget struct { Version *string `json:"version,omitempty" yaml:"version,omitempty" mapstructure:"version,omitempty"` } -type SpecDistributionCustomPatchesPatch struct { - // Options corresponds to the JSON schema field "options". - Options *SpecDistributionCustomPatchesPatchOptions `json:"options,omitempty" yaml:"options,omitempty" mapstructure:"options,omitempty"` - - // The patch content - Patch *string `json:"patch,omitempty" yaml:"patch,omitempty" mapstructure:"patch,omitempty"` - - // The path of the patch - Path *string `json:"path,omitempty" yaml:"path,omitempty" mapstructure:"path,omitempty"` - - // Target corresponds to the JSON schema field "target". - Target *SpecDistributionCustomPatchesPatchTarget `json:"target,omitempty" yaml:"target,omitempty" mapstructure:"target,omitempty"` -} - type SpecDistributionCustomPatchesPatches []SpecDistributionCustomPatchesPatch // Each entry should be either a relative file path or an inline content resolving // to a partial or complete resource definition type SpecDistributionCustomPatchesPatchesStrategicMerge []string -type SpecDistributionCustomPatchesSecretGeneratorResourceBehavior string - -var enumValues_SpecDistributionCustomPatchesSecretGeneratorResourceBehavior = []interface{}{ - "create", - "replace", - "merge", -} - -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionCustomPatchesSecretGeneratorResourceBehavior) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionCustomPatchesSecretGeneratorResourceBehavior { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionCustomPatchesSecretGeneratorResourceBehavior, v) - } - *j = SpecDistributionCustomPatchesSecretGeneratorResourceBehavior(v) - return nil -} - -const ( - SpecDistributionCustomPatchesSecretGeneratorResourceBehaviorCreate SpecDistributionCustomPatchesSecretGeneratorResourceBehavior = "create" - SpecDistributionCustomPatchesSecretGeneratorResourceBehaviorReplace SpecDistributionCustomPatchesSecretGeneratorResourceBehavior = "replace" - SpecDistributionCustomPatchesSecretGeneratorResourceBehaviorMerge SpecDistributionCustomPatchesSecretGeneratorResourceBehavior = "merge" -) - -type SpecDistributionCustomPatchesSecretGeneratorResourceOptions struct { - // The annotations of the secret - Annotations TypesKubeLabels `json:"annotations,omitempty" yaml:"annotations,omitempty" mapstructure:"annotations,omitempty"` - - // If true, the name suffix hash will be disabled - DisableNameSuffixHash *bool `json:"disableNameSuffixHash,omitempty" yaml:"disableNameSuffixHash,omitempty" mapstructure:"disableNameSuffixHash,omitempty"` - - // If true, the secret will be immutable - Immutable *bool `json:"immutable,omitempty" yaml:"immutable,omitempty" mapstructure:"immutable,omitempty"` - - // The labels of the secret - Labels TypesKubeLabels `json:"labels,omitempty" yaml:"labels,omitempty" mapstructure:"labels,omitempty"` -} +type SpecDistributionCustomPatchesSecretGenerator []SpecDistributionCustomPatchesSecretGeneratorResource type SpecDistributionCustomPatchesSecretGeneratorResource struct { // The behavior of the secret 
@@ -427,25 +240,27 @@ type SpecDistributionCustomPatchesSecretGeneratorResource struct { Type *string `json:"type,omitempty" yaml:"type,omitempty" mapstructure:"type,omitempty"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionCustomPatchesSecretGeneratorResource) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecDistributionCustomPatchesSecretGeneratorResource: required") - } - type Plain SpecDistributionCustomPatchesSecretGeneratorResource - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionCustomPatchesSecretGeneratorResource(plain) - return nil -} +type SpecDistributionCustomPatchesSecretGeneratorResourceBehavior string -type SpecDistributionCustomPatchesSecretGenerator []SpecDistributionCustomPatchesSecretGeneratorResource +const ( + SpecDistributionCustomPatchesSecretGeneratorResourceBehaviorCreate SpecDistributionCustomPatchesSecretGeneratorResourceBehavior = "create" + SpecDistributionCustomPatchesSecretGeneratorResourceBehaviorMerge SpecDistributionCustomPatchesSecretGeneratorResourceBehavior = "merge" + SpecDistributionCustomPatchesSecretGeneratorResourceBehaviorReplace SpecDistributionCustomPatchesSecretGeneratorResourceBehavior = "replace" +) + +type SpecDistributionCustomPatchesSecretGeneratorResourceOptions struct { + // The annotations of the secret + Annotations TypesKubeLabels `json:"annotations,omitempty" yaml:"annotations,omitempty" mapstructure:"annotations,omitempty"` + + // If true, the name suffix hash will be disabled + DisableNameSuffixHash *bool `json:"disableNameSuffixHash,omitempty" yaml:"disableNameSuffixHash,omitempty" mapstructure:"disableNameSuffixHash,omitempty"` + + // If true, the secret will be immutable + Immutable *bool `json:"immutable,omitempty" yaml:"immutable,omitempty" 
mapstructure:"immutable,omitempty"` + + // The labels of the secret + Labels TypesKubeLabels `json:"labels,omitempty" yaml:"labels,omitempty" mapstructure:"labels,omitempty"` +} type SpecDistributionCustompatches struct { // ConfigMapGenerator corresponds to the JSON schema field "configMapGenerator". 
@@ -465,20 +280,53 @@ type SpecDistributionCustompatches struct { SecretGenerator SpecDistributionCustomPatchesSecretGenerator `json:"secretGenerator,omitempty" yaml:"secretGenerator,omitempty" mapstructure:"secretGenerator,omitempty"` } -type SpecDistributionModulesAuthDexExpiry struct { - // Dex ID tokens expiration time duration (default 24h). - IdTokens *string `json:"idTokens,omitempty" yaml:"idTokens,omitempty" mapstructure:"idTokens,omitempty"` +type SpecDistributionModules struct { + // Auth corresponds to the JSON schema field "auth". + Auth *SpecDistributionModulesAuth `json:"auth,omitempty" yaml:"auth,omitempty" mapstructure:"auth,omitempty"` - // Dex signing key expiration time duration (default 6h). - SigningKeys *string `json:"signingKeys,omitempty" yaml:"signingKeys,omitempty" mapstructure:"signingKeys,omitempty"` + // Aws corresponds to the JSON schema field "aws". + Aws *SpecDistributionModulesAws `json:"aws,omitempty" yaml:"aws,omitempty" mapstructure:"aws,omitempty"` + + // Dr corresponds to the JSON schema field "dr". + Dr SpecDistributionModulesDr `json:"dr" yaml:"dr" mapstructure:"dr"` + + // Ingress corresponds to the JSON schema field "ingress". + Ingress SpecDistributionModulesIngress `json:"ingress" yaml:"ingress" mapstructure:"ingress"` + + // Logging corresponds to the JSON schema field "logging". + Logging SpecDistributionModulesLogging `json:"logging" yaml:"logging" mapstructure:"logging"` + + // Monitoring corresponds to the JSON schema field "monitoring". + Monitoring *SpecDistributionModulesMonitoring `json:"monitoring,omitempty" yaml:"monitoring,omitempty" mapstructure:"monitoring,omitempty"` + + // Networking corresponds to the JSON schema field "networking". + Networking *SpecDistributionModulesNetworking `json:"networking,omitempty" yaml:"networking,omitempty" mapstructure:"networking,omitempty"` + + // Policy corresponds to the JSON schema field "policy". 
+ Policy SpecDistributionModulesPolicy `json:"policy" yaml:"policy" mapstructure:"policy"` + + // Tracing corresponds to the JSON schema field "tracing". + Tracing *SpecDistributionModulesTracing `json:"tracing,omitempty" yaml:"tracing,omitempty" mapstructure:"tracing,omitempty"` } -type TypesFuryModuleComponentOverrides struct { - // Set to override the node selector used to place the pods of the package. - NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` +// Configuration for the Auth module. +type SpecDistributionModulesAuth struct { + // The base domain for the ingresses created by the Auth module (Gangplank, + // Pomerium, Dex). Notice that when the ingress module type is `dual`, these will + // use the `external` ingress class. + BaseDomain *string `json:"baseDomain,omitempty" yaml:"baseDomain,omitempty" mapstructure:"baseDomain,omitempty"` - // Set to override the tolerations that will be added to the pods of the package. - Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` + // Dex corresponds to the JSON schema field "dex". + Dex *SpecDistributionModulesAuthDex `json:"dex,omitempty" yaml:"dex,omitempty" mapstructure:"dex,omitempty"` + + // Overrides corresponds to the JSON schema field "overrides". + Overrides *SpecDistributionModulesAuthOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // Pomerium corresponds to the JSON schema field "pomerium". + Pomerium SpecDistributionModulesAuthPomerium `json:"pomerium,omitempty" yaml:"pomerium,omitempty" mapstructure:"pomerium,omitempty"` + + // Provider corresponds to the JSON schema field "provider". + Provider SpecDistributionModulesAuthProvider `json:"provider" yaml:"provider" mapstructure:"provider"` } // Configuration for the Dex package. 
@@ -509,56 +357,14 @@ type SpecDistributionModulesAuthDex struct { Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAuthDex) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["connectors"]; !ok || v == nil { - return fmt.Errorf("field connectors in SpecDistributionModulesAuthDex: required") - } - type Plain SpecDistributionModulesAuthDex - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesAuthDex(plain) - return nil -} - -type SpecDistributionModulesAuthOverridesIngress struct { - // Use this host for the ingress instead of the default one. - Host string `json:"host" yaml:"host" mapstructure:"host"` - - // Use this ingress class for the ingress instead of the default one. - IngressClass string `json:"ingressClass" yaml:"ingressClass" mapstructure:"ingressClass"` -} +type SpecDistributionModulesAuthDexExpiry struct { + // Dex ID tokens expiration time duration (default 24h). + IdTokens *string `json:"idTokens,omitempty" yaml:"idTokens,omitempty" mapstructure:"idTokens,omitempty"` -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesAuthOverridesIngress) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["host"]; !ok || v == nil { - return fmt.Errorf("field host in SpecDistributionModulesAuthOverridesIngress: required") - } - if v, ok := raw["ingressClass"]; !ok || v == nil { - return fmt.Errorf("field ingressClass in SpecDistributionModulesAuthOverridesIngress: required") - } - type Plain SpecDistributionModulesAuthOverridesIngress - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesAuthOverridesIngress(plain) - return nil + // Dex signing key expiration time duration (default 6h). + SigningKeys *string `json:"signingKeys,omitempty" yaml:"signingKeys,omitempty" mapstructure:"signingKeys,omitempty"` } -// Override the definition of the Auth module ingresses. -type SpecDistributionModulesAuthOverridesIngresses map[string]SpecDistributionModulesAuthOverridesIngress - // Override the common configuration with a particular configuration for the Auth // module. type SpecDistributionModulesAuthOverrides struct { 
@@ -573,71 +379,134 @@ type SpecDistributionModulesAuthOverrides struct { Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` } -type SpecDistributionModulesAuthPomerium interface{} - -// Configuration for the HTTP Basic Auth provider. -type SpecDistributionModulesAuthProviderBasicAuth struct { - // The password for logging in with the HTTP basic authentication. - Password string `json:"password" yaml:"password" mapstructure:"password"` +type SpecDistributionModulesAuthOverridesIngress struct { + // Use this host for the ingress instead of the default one. + Host string `json:"host" yaml:"host" mapstructure:"host"` - // The username for logging in with the HTTP basic authentication. - Username string `json:"username" yaml:"username" mapstructure:"username"` + // Use this ingress class for the ingress instead of the default one. + IngressClass string `json:"ingressClass" yaml:"ingressClass" mapstructure:"ingressClass"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAuthProviderBasicAuth) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["password"]; !ok || v == nil { - return fmt.Errorf("field password in SpecDistributionModulesAuthProviderBasicAuth: required") - } - if v, ok := raw["username"]; !ok || v == nil { - return fmt.Errorf("field username in SpecDistributionModulesAuthProviderBasicAuth: required") - } - type Plain SpecDistributionModulesAuthProviderBasicAuth - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesAuthProviderBasicAuth(plain) - return nil -} +// Override the definition of the Auth module ingresses. 
+type SpecDistributionModulesAuthOverridesIngresses map[string]SpecDistributionModulesAuthOverridesIngress -type SpecDistributionModulesAuthProviderType string +type SpecDistributionModulesAuthPomerium interface{} -var enumValues_SpecDistributionModulesAuthProviderType = []interface{}{ - "none", - "basicAuth", - "sso", +// override default routes for KFD components +type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicy struct { + // GatekeeperPolicyManager corresponds to the JSON schema field + // "gatekeeperPolicyManager". + GatekeeperPolicyManager []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyGatekeeperPolicyManagerElem `json:"gatekeeperPolicyManager,omitempty" yaml:"gatekeeperPolicyManager,omitempty" mapstructure:"gatekeeperPolicyManager,omitempty"` + + // HubbleUi corresponds to the JSON schema field "hubbleUi". + HubbleUi []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyHubbleUiElem `json:"hubbleUi,omitempty" yaml:"hubbleUi,omitempty" mapstructure:"hubbleUi,omitempty"` + + // IngressNgnixForecastle corresponds to the JSON schema field + // "ingressNgnixForecastle". + IngressNgnixForecastle []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyIngressNgnixForecastleElem `json:"ingressNgnixForecastle,omitempty" yaml:"ingressNgnixForecastle,omitempty" mapstructure:"ingressNgnixForecastle,omitempty"` + + // LoggingMinioConsole corresponds to the JSON schema field "loggingMinioConsole". + LoggingMinioConsole []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyLoggingMinioConsoleElem `json:"loggingMinioConsole,omitempty" yaml:"loggingMinioConsole,omitempty" mapstructure:"loggingMinioConsole,omitempty"` + + // LoggingOpensearchDashboards corresponds to the JSON schema field + // "loggingOpensearchDashboards". 
+ LoggingOpensearchDashboards []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyLoggingOpensearchDashboardsElem `json:"loggingOpensearchDashboards,omitempty" yaml:"loggingOpensearchDashboards,omitempty" mapstructure:"loggingOpensearchDashboards,omitempty"` + + // MonitoringAlertmanager corresponds to the JSON schema field + // "monitoringAlertmanager". + MonitoringAlertmanager []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringAlertmanagerElem `json:"monitoringAlertmanager,omitempty" yaml:"monitoringAlertmanager,omitempty" mapstructure:"monitoringAlertmanager,omitempty"` + + // MonitoringGrafana corresponds to the JSON schema field "monitoringGrafana". + MonitoringGrafana []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringGrafanaElem `json:"monitoringGrafana,omitempty" yaml:"monitoringGrafana,omitempty" mapstructure:"monitoringGrafana,omitempty"` + + // MonitoringMinioConsole corresponds to the JSON schema field + // "monitoringMinioConsole". + MonitoringMinioConsole []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringMinioConsoleElem `json:"monitoringMinioConsole,omitempty" yaml:"monitoringMinioConsole,omitempty" mapstructure:"monitoringMinioConsole,omitempty"` + + // MonitoringPrometheus corresponds to the JSON schema field + // "monitoringPrometheus". + MonitoringPrometheus []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringPrometheusElem `json:"monitoringPrometheus,omitempty" yaml:"monitoringPrometheus,omitempty" mapstructure:"monitoringPrometheus,omitempty"` + + // TracingMinioConsole corresponds to the JSON schema field "tracingMinioConsole". + TracingMinioConsole []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyTracingMinioConsoleElem `json:"tracingMinioConsole,omitempty" yaml:"tracingMinioConsole,omitempty" mapstructure:"tracingMinioConsole,omitempty"` } -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesAuthProviderType) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesAuthProviderType { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesAuthProviderType, v) - } - *j = SpecDistributionModulesAuthProviderType(v) - return nil +type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyGatekeeperPolicyManagerElem map[string]interface{} + +type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyHubbleUiElem map[string]interface{} + +type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyIngressNgnixForecastleElem map[string]interface{} + +type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyLoggingMinioConsoleElem map[string]interface{} + +type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyLoggingOpensearchDashboardsElem map[string]interface{} + +type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringAlertmanagerElem map[string]interface{} + +type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringGrafanaElem map[string]interface{} + +type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringMinioConsoleElem map[string]interface{} + +type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringPrometheusElem map[string]interface{} + +type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyTracingMinioConsoleElem map[string]interface{} + +type SpecDistributionModulesAuthPomeriumRoutesElem map[string]interface{} + +// Pomerium needs some user-provided secrets to be fully configured. These secrets +// should be unique between clusters. +type SpecDistributionModulesAuthPomeriumSecrets struct { + // Cookie Secret is the secret used to encrypt and sign session cookies. 
+ // + // To generate a random key, run the following command: `head -c32 /dev/urandom | + // base64` + COOKIESECRET string `json:"COOKIE_SECRET" yaml:"COOKIE_SECRET" mapstructure:"COOKIE_SECRET"` + + // Identity Provider Client Secret is the OAuth 2.0 Secret Identifier. When auth + // type is SSO, this value will be the secret used to authenticate Pomerium with + // Dex, **use a strong random value**. + IDPCLIENTSECRET string `json:"IDP_CLIENT_SECRET" yaml:"IDP_CLIENT_SECRET" mapstructure:"IDP_CLIENT_SECRET"` + + // Shared Secret is the base64-encoded, 256-bit key used to mutually authenticate + // requests between Pomerium services. It's critical that secret keys are random, + // and stored safely. + // + // To generate a key, run the following command: `head -c32 /dev/urandom | base64` + SHAREDSECRET string `json:"SHARED_SECRET" yaml:"SHARED_SECRET" mapstructure:"SHARED_SECRET"` + + // Signing Key is the base64 representation of one or more PEM-encoded private + // keys used to sign a user's attestation JWT, which can be consumed by upstream + // applications to pass along identifying user information like username, id, and + // groups. + // + // To generates an P-256 (ES256) signing key: + // + // ```bash + // openssl ecparam -genkey -name prime256v1 -noout -out ec_private.pem + // # careful! this will output your private key in terminal + // cat ec_private.pem | base64 + // ``` + SIGNINGKEY string `json:"SIGNING_KEY" yaml:"SIGNING_KEY" mapstructure:"SIGNING_KEY"` } -const ( - SpecDistributionModulesAuthProviderTypeNone SpecDistributionModulesAuthProviderType = "none" - SpecDistributionModulesAuthProviderTypeBasicAuth SpecDistributionModulesAuthProviderType = "basicAuth" - SpecDistributionModulesAuthProviderTypeSso SpecDistributionModulesAuthProviderType = "sso" -) +// Configuration for Pomerium, an identity-aware reverse proxy used for SSO. 
+type SpecDistributionModulesAuthPomerium_2 struct { + // DefaultRoutesPolicy corresponds to the JSON schema field "defaultRoutesPolicy". + DefaultRoutesPolicy *SpecDistributionModulesAuthPomeriumDefaultRoutesPolicy `json:"defaultRoutesPolicy,omitempty" yaml:"defaultRoutesPolicy,omitempty" mapstructure:"defaultRoutesPolicy,omitempty"` + + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleComponentOverrides_1 `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // DEPRECATED: Use defaultRoutesPolicy and/or routes + Policy *string `json:"policy,omitempty" yaml:"policy,omitempty" mapstructure:"policy,omitempty"` + + // Additional routes configuration for Pomerium. Follows Pomerium's route format: + // https://www.pomerium.com/docs/reference/routes + Routes []SpecDistributionModulesAuthPomeriumRoutesElem `json:"routes,omitempty" yaml:"routes,omitempty" mapstructure:"routes,omitempty"` + + // Secrets corresponds to the JSON schema field "secrets". + Secrets SpecDistributionModulesAuthPomeriumSecrets `json:"secrets" yaml:"secrets" mapstructure:"secrets"` +} type SpecDistributionModulesAuthProvider struct { // BasicAuth corresponds to the JSON schema field "basicAuth". 
@@ -654,80 +523,51 @@ type SpecDistributionModulesAuthProvider struct { Type SpecDistributionModulesAuthProviderType `json:"type" yaml:"type" mapstructure:"type"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAuthProvider) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesAuthProvider: required") - } - type Plain SpecDistributionModulesAuthProvider - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesAuthProvider(plain) - return nil -} - -// Configuration for the Auth module. -type SpecDistributionModulesAuth struct { - // The base domain for the ingresses created by the Auth module (Gangplank, - // Pomerium, Dex). Notice that when the ingress module type is `dual`, these will - // use the `external` ingress class. - BaseDomain *string `json:"baseDomain,omitempty" yaml:"baseDomain,omitempty" mapstructure:"baseDomain,omitempty"` +// Configuration for the HTTP Basic Auth provider. +type SpecDistributionModulesAuthProviderBasicAuth struct { + // The password for logging in with the HTTP basic authentication. + Password string `json:"password" yaml:"password" mapstructure:"password"` - // Dex corresponds to the JSON schema field "dex". - Dex *SpecDistributionModulesAuthDex `json:"dex,omitempty" yaml:"dex,omitempty" mapstructure:"dex,omitempty"` + // The username for logging in with the HTTP basic authentication. + Username string `json:"username" yaml:"username" mapstructure:"username"` +} - // Overrides corresponds to the JSON schema field "overrides". 
- Overrides *SpecDistributionModulesAuthOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +type SpecDistributionModulesAuthProviderType string - // Pomerium corresponds to the JSON schema field "pomerium". - Pomerium SpecDistributionModulesAuthPomerium `json:"pomerium,omitempty" yaml:"pomerium,omitempty" mapstructure:"pomerium,omitempty"` +const ( + SpecDistributionModulesAuthProviderTypeBasicAuth SpecDistributionModulesAuthProviderType = "basicAuth" + SpecDistributionModulesAuthProviderTypeNone SpecDistributionModulesAuthProviderType = "none" + SpecDistributionModulesAuthProviderTypeSso SpecDistributionModulesAuthProviderType = "sso" +) - // Provider corresponds to the JSON schema field "provider". - Provider SpecDistributionModulesAuthProvider `json:"provider" yaml:"provider" mapstructure:"provider"` -} +type SpecDistributionModulesAws struct { + // ClusterAutoscaler corresponds to the JSON schema field "clusterAutoscaler". + ClusterAutoscaler SpecDistributionModulesAwsClusterAutoscaler `json:"clusterAutoscaler" yaml:"clusterAutoscaler" mapstructure:"clusterAutoscaler"` -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAuth) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["provider"]; !ok || v == nil { - return fmt.Errorf("field provider in SpecDistributionModulesAuth: required") - } - type Plain SpecDistributionModulesAuth - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesAuth(plain) - return nil -} + // EbsCsiDriver corresponds to the JSON schema field "ebsCsiDriver". + EbsCsiDriver SpecDistributionModulesAwsEbsCsiDriver `json:"ebsCsiDriver" yaml:"ebsCsiDriver" mapstructure:"ebsCsiDriver"` -type TypesAwsArn string + // EbsSnapshotController corresponds to the JSON schema field + // "ebsSnapshotController". 
+ EbsSnapshotController *SpecDistributionModulesAwsEbsSnapshotController `json:"ebsSnapshotController,omitempty" yaml:"ebsSnapshotController,omitempty" mapstructure:"ebsSnapshotController,omitempty"` -type TypesAwsIamRoleName string + // LoadBalancerController corresponds to the JSON schema field + // "loadBalancerController". + LoadBalancerController SpecDistributionModulesAwsLoadBalancerController `json:"loadBalancerController" yaml:"loadBalancerController" mapstructure:"loadBalancerController"` -type TypesFuryModuleComponentOverridesWithIAMRoleName struct { - // IamRoleName corresponds to the JSON schema field "iamRoleName". - IamRoleName *TypesAwsIamRoleName `json:"iamRoleName,omitempty" yaml:"iamRoleName,omitempty" mapstructure:"iamRoleName,omitempty"` + // Overrides corresponds to the JSON schema field "overrides". + Overrides TypesFuryModuleOverrides `json:"overrides" yaml:"overrides" mapstructure:"overrides"` +} - // The node selector to use to place the pods for the load balancer controller - // module. - NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` +type SpecDistributionModulesAwsClusterAutoscaler struct { + // IamRoleArn corresponds to the JSON schema field "iamRoleArn". + IamRoleArn TypesAwsArn `json:"iamRoleArn" yaml:"iamRoleArn" mapstructure:"iamRoleArn"` - // The tolerations that will be added to the pods for the cluster autoscaler - // module. - Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` + // Overrides corresponds to the JSON schema field "overrides". 
+ Overrides *TypesFuryModuleComponentOverridesWithIAMRoleName `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` } -type SpecDistributionModulesAwsClusterAutoscaler struct { +type SpecDistributionModulesAwsEbsCsiDriver struct { // IamRoleArn corresponds to the JSON schema field "iamRoleArn". IamRoleArn TypesAwsArn `json:"iamRoleArn" yaml:"iamRoleArn" mapstructure:"iamRoleArn"` @@ -735,25 +575,12 @@ type SpecDistributionModulesAwsClusterAutoscaler struct { Overrides *TypesFuryModuleComponentOverridesWithIAMRoleName `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAwsClusterAutoscaler) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["iamRoleArn"]; !ok || v == nil { - return fmt.Errorf("field iamRoleArn in SpecDistributionModulesAwsClusterAutoscaler: required") - } - type Plain SpecDistributionModulesAwsClusterAutoscaler - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesAwsClusterAutoscaler(plain) - return nil +type SpecDistributionModulesAwsEbsSnapshotController struct { + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` } -type SpecDistributionModulesAwsEbsCsiDriver struct { +type SpecDistributionModulesAwsLoadBalancerController struct { // IamRoleArn corresponds to the JSON schema field "iamRoleArn". IamRoleArn TypesAwsArn `json:"iamRoleArn" yaml:"iamRoleArn" mapstructure:"iamRoleArn"` 
@@ -761,1105 +588,1378 @@ type SpecDistributionModulesAwsEbsCsiDriver struct { Overrides *TypesFuryModuleComponentOverridesWithIAMRoleName `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAwsEbsCsiDriver) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["iamRoleArn"]; !ok || v == nil { - return fmt.Errorf("field iamRoleArn in SpecDistributionModulesAwsEbsCsiDriver: required") - } - type Plain SpecDistributionModulesAwsEbsCsiDriver - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesAwsEbsCsiDriver(plain) - return nil +// Configuration for the Disaster Recovery module. +type SpecDistributionModulesDr struct { + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // The type of the Disaster Recovery, must be `none` or `eks`. `none` disables the + // module and `eks` will install Velero and use an S3 bucket to store the + // backups. + // + // Default is `none`. + Type SpecDistributionModulesDrType `json:"type" yaml:"type" mapstructure:"type"` + + // Velero corresponds to the JSON schema field "velero". + Velero *SpecDistributionModulesDrVelero `json:"velero,omitempty" yaml:"velero,omitempty" mapstructure:"velero,omitempty"` } -type SpecDistributionModulesAwsEbsSnapshotController struct { +type SpecDistributionModulesDrType string + +const ( + SpecDistributionModulesDrTypeEks SpecDistributionModulesDrType = "eks" + SpecDistributionModulesDrTypeNone SpecDistributionModulesDrType = "none" +) + +type SpecDistributionModulesDrVelero struct { + // Eks corresponds to the JSON schema field "eks". 
+ Eks SpecDistributionModulesDrVeleroEks `json:"eks" yaml:"eks" mapstructure:"eks"` + // Overrides corresponds to the JSON schema field "overrides". Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // Configuration for Velero's backup schedules. + Schedules *SpecDistributionModulesDrVeleroSchedules `json:"schedules,omitempty" yaml:"schedules,omitempty" mapstructure:"schedules,omitempty"` } -type SpecDistributionModulesAwsLoadBalancerController struct { +type SpecDistributionModulesDrVeleroEks struct { + // The name of the bucket for Velero. + BucketName TypesAwsS3BucketName `json:"bucketName" yaml:"bucketName" mapstructure:"bucketName"` + // IamRoleArn corresponds to the JSON schema field "iamRoleArn". IamRoleArn TypesAwsArn `json:"iamRoleArn" yaml:"iamRoleArn" mapstructure:"iamRoleArn"` - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverridesWithIAMRoleName `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + // The region where the bucket for Velero will be located. + Region TypesAwsRegion `json:"region" yaml:"region" mapstructure:"region"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAwsLoadBalancerController) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["iamRoleArn"]; !ok || v == nil { - return fmt.Errorf("field iamRoleArn in SpecDistributionModulesAwsLoadBalancerController: required") - } - type Plain SpecDistributionModulesAwsLoadBalancerController - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesAwsLoadBalancerController(plain) - return nil -} +// Configuration for Velero's backup schedules. 
+type SpecDistributionModulesDrVeleroSchedules struct { + // Configuration for Velero schedules. + Definitions *SpecDistributionModulesDrVeleroSchedulesDefinitions `json:"definitions,omitempty" yaml:"definitions,omitempty" mapstructure:"definitions,omitempty"` -type TypesFuryModuleOverridesIngress struct { - // If true, the ingress will not have authentication even if - // `.spec.modules.auth.provider.type` is SSO or Basic Auth. - DisableAuth *bool `json:"disableAuth,omitempty" yaml:"disableAuth,omitempty" mapstructure:"disableAuth,omitempty"` + // Whether to install or not the default `manifests` and `full` backups schedules. + // Default is `true`. + Install *bool `json:"install,omitempty" yaml:"install,omitempty" mapstructure:"install,omitempty"` +} - // Use this host for the ingress instead of the default one. - Host *string `json:"host,omitempty" yaml:"host,omitempty" mapstructure:"host,omitempty"` +// Configuration for Velero schedules. +type SpecDistributionModulesDrVeleroSchedulesDefinitions struct { + // Configuration for Velero's manifests backup schedule. + Full *SpecDistributionModulesDrVeleroSchedulesDefinitionsFull `json:"full,omitempty" yaml:"full,omitempty" mapstructure:"full,omitempty"` - // Use this ingress class for the ingress instead of the default one. - IngressClass *string `json:"ingressClass,omitempty" yaml:"ingressClass,omitempty" mapstructure:"ingressClass,omitempty"` + // Configuration for Velero's manifests backup schedule. + Manifests *SpecDistributionModulesDrVeleroSchedulesDefinitionsManifests `json:"manifests,omitempty" yaml:"manifests,omitempty" mapstructure:"manifests,omitempty"` } -type TypesFuryModuleOverridesIngresses map[string]TypesFuryModuleOverridesIngress +// Configuration for Velero's manifests backup schedule. +type SpecDistributionModulesDrVeleroSchedulesDefinitionsFull struct { + // The cron expression for the `full` backup schedule (default `0 1 * * *`). 
+ Schedule *string `json:"schedule,omitempty" yaml:"schedule,omitempty" mapstructure:"schedule,omitempty"` -// Override the common configuration with a particular configuration for the -// module. -type TypesFuryModuleOverrides struct { - // Ingresses corresponds to the JSON schema field "ingresses". - Ingresses TypesFuryModuleOverridesIngresses `json:"ingresses,omitempty" yaml:"ingresses,omitempty" mapstructure:"ingresses,omitempty"` + // EXPERIMENTAL (if you do more than one backups, the following backups after the + // first are not automatically restorable, see + // https://github.com/vmware-tanzu/velero/issues/7057#issuecomment-2466815898 for + // the manual restore solution): SnapshotMoveData specifies whether snapshot data + // should be moved. Velero will create a new volume from the snapshot and upload + // the content to the storageLocation. + SnapshotMoveData *bool `json:"snapshotMoveData,omitempty" yaml:"snapshotMoveData,omitempty" mapstructure:"snapshotMoveData,omitempty"` - // Set to override the node selector used to place the pods of the module. - NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` + // The Time To Live (TTL) of the backups created by the backup schedules (default + // `720h0m0s`, 30 days). Notice that changing this value will affect only newly + // created backups, prior backups will keep the old TTL. + Ttl *string `json:"ttl,omitempty" yaml:"ttl,omitempty" mapstructure:"ttl,omitempty"` +} - // Set to override the tolerations that will be added to the pods of the module. - Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` +// Configuration for Velero's manifests backup schedule. +type SpecDistributionModulesDrVeleroSchedulesDefinitionsManifests struct { + // The cron expression for the `manifests` backup schedule (default `*/15 * * * + // *`). 
+ Schedule *string `json:"schedule,omitempty" yaml:"schedule,omitempty" mapstructure:"schedule,omitempty"` + + // The Time To Live (TTL) of the backups created by the backup schedules (default + // `720h0m0s`, 30 days). Notice that changing this value will affect only newly + // created backups, prior backups will keep the old TTL. + Ttl *string `json:"ttl,omitempty" yaml:"ttl,omitempty" mapstructure:"ttl,omitempty"` } -type SpecDistributionModulesAws struct { - // ClusterAutoscaler corresponds to the JSON schema field "clusterAutoscaler". - ClusterAutoscaler SpecDistributionModulesAwsClusterAutoscaler `json:"clusterAutoscaler" yaml:"clusterAutoscaler" mapstructure:"clusterAutoscaler"` +type SpecDistributionModulesIngress struct { + // The base domain used for all the KFD infrastructural ingresses. If in the nginx + // `dual` configuration type, this value should be the same as the + // `.spec.distribution.modules.ingress.dns.private.name` zone. + BaseDomain string `json:"baseDomain" yaml:"baseDomain" mapstructure:"baseDomain"` - // EbsCsiDriver corresponds to the JSON schema field "ebsCsiDriver". - EbsCsiDriver SpecDistributionModulesAwsEbsCsiDriver `json:"ebsCsiDriver" yaml:"ebsCsiDriver" mapstructure:"ebsCsiDriver"` + // Configuration for the cert-manager package. Required even if + // `ingress.nginx.type` is `none`, cert-manager is used for managing other + // certificates in the cluster besides the TLS termination certificates for the + // ingresses. + CertManager SpecDistributionModulesIngressCertManager `json:"certManager" yaml:"certManager" mapstructure:"certManager"` - // EbsSnapshotController corresponds to the JSON schema field - // "ebsSnapshotController". - EbsSnapshotController *SpecDistributionModulesAwsEbsSnapshotController `json:"ebsSnapshotController,omitempty" yaml:"ebsSnapshotController,omitempty" mapstructure:"ebsSnapshotController,omitempty"` + // Dns corresponds to the JSON schema field "dns". 
+ Dns *SpecDistributionModulesIngressDNS `json:"dns,omitempty" yaml:"dns,omitempty" mapstructure:"dns,omitempty"` - // LoadBalancerController corresponds to the JSON schema field - // "loadBalancerController". - LoadBalancerController SpecDistributionModulesAwsLoadBalancerController `json:"loadBalancerController" yaml:"loadBalancerController" mapstructure:"loadBalancerController"` + // ExternalDns corresponds to the JSON schema field "externalDns". + ExternalDns SpecDistributionModulesIngressExternalDNS `json:"externalDns" yaml:"externalDns" mapstructure:"externalDns"` - // Overrides corresponds to the JSON schema field "overrides". - Overrides TypesFuryModuleOverrides `json:"overrides" yaml:"overrides" mapstructure:"overrides"` -} + // Forecastle corresponds to the JSON schema field "forecastle". + Forecastle *SpecDistributionModulesIngressForecastle `json:"forecastle,omitempty" yaml:"forecastle,omitempty" mapstructure:"forecastle,omitempty"` -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAws) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["clusterAutoscaler"]; !ok || v == nil { - return fmt.Errorf("field clusterAutoscaler in SpecDistributionModulesAws: required") - } - if v, ok := raw["ebsCsiDriver"]; !ok || v == nil { - return fmt.Errorf("field ebsCsiDriver in SpecDistributionModulesAws: required") - } - if v, ok := raw["loadBalancerController"]; !ok || v == nil { - return fmt.Errorf("field loadBalancerController in SpecDistributionModulesAws: required") - } - if v, ok := raw["overrides"]; !ok || v == nil { - return fmt.Errorf("field overrides in SpecDistributionModulesAws: required") - } - type Plain SpecDistributionModulesAws - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesAws(plain) - return nil + // Configurations for the Ingress nginx controller package. 
+ Nginx SpecDistributionModulesIngressNginx `json:"nginx" yaml:"nginx" mapstructure:"nginx"` + + // Overrides corresponds to the JSON schema field "overrides". + Overrides *SpecDistributionModulesIngressOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` } -type SpecDistributionModulesDrType string +// Configuration for the cert-manager package. Required even if +// `ingress.nginx.type` is `none`, cert-manager is used for managing other +// certificates in the cluster besides the TLS termination certificates for the +// ingresses. +type SpecDistributionModulesIngressCertManager struct { + // ClusterIssuer corresponds to the JSON schema field "clusterIssuer". + ClusterIssuer SpecDistributionModulesIngressCertManagerClusterIssuer `json:"clusterIssuer" yaml:"clusterIssuer" mapstructure:"clusterIssuer"` -var enumValues_SpecDistributionModulesDrType = []interface{}{ - "none", - "eks", + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesDrType) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesDrType { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesDrType, v) - } - *j = SpecDistributionModulesDrType(v) - return nil -} +// Configuration for the cert-manager's ACME clusterIssuer used to request +// certificates from Let's Encrypt. +type SpecDistributionModulesIngressCertManagerClusterIssuer struct { + // The email address to use during the certificate issuing process. 
+ Email string `json:"email" yaml:"email" mapstructure:"email"` -const ( - SpecDistributionModulesDrTypeNone SpecDistributionModulesDrType = "none" - SpecDistributionModulesDrTypeEks SpecDistributionModulesDrType = "eks" -) + // The name of the clusterIssuer. + Name string `json:"name" yaml:"name" mapstructure:"name"` -type TypesAwsS3BucketName string + // Route53 corresponds to the JSON schema field "route53". + Route53 SpecDistributionModulesIngressClusterIssuerRoute53 `json:"route53" yaml:"route53" mapstructure:"route53"` -type TypesAwsRegion string - -var enumValues_TypesAwsRegion = []interface{}{ - "af-south-1", - "ap-east-1", - "ap-northeast-1", - "ap-northeast-2", - "ap-northeast-3", - "ap-south-1", - "ap-south-2", - "ap-southeast-1", - "ap-southeast-2", - "ap-southeast-3", - "ap-southeast-4", - "ca-central-1", - "eu-central-1", - "eu-central-2", - "eu-north-1", - "eu-south-1", - "eu-south-2", - "eu-west-1", - "eu-west-2", - "eu-west-3", - "me-central-1", - "me-south-1", - "sa-east-1", - "us-east-1", - "us-east-2", - "us-gov-east-1", - "us-gov-west-1", - "us-west-1", - "us-west-2", -} + // The list of challenge solvers to use instead of the default one for the + // `http01` challenge. Check [cert manager's + // documentation](https://cert-manager.io/docs/configuration/acme/#adding-multiple-solver-types) + // for examples for this field. + Solvers []interface{} `json:"solvers,omitempty" yaml:"solvers,omitempty" mapstructure:"solvers,omitempty"` -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *TypesAwsRegion) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_TypesAwsRegion { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesAwsRegion, v) - } - *j = TypesAwsRegion(v) - return nil + // The type of the clusterIssuer, must be `dns01` for using DNS challenge or + // `http01` for using HTTP challenge. + Type *SpecDistributionModulesIngressCertManagerClusterIssuerType `json:"type,omitempty" yaml:"type,omitempty" mapstructure:"type,omitempty"` } -const TypesAwsRegionAfSouth1 TypesAwsRegion = "af-south-1" - -type Metadata struct { - // The name of the cluster. It will also be used as a prefix for all the other - // resources created. - Name string `json:"name" yaml:"name" mapstructure:"name"` -} +type SpecDistributionModulesIngressCertManagerClusterIssuerType string const ( - TypesAwsRegionApNortheast1 TypesAwsRegion = "ap-northeast-1" - TypesAwsRegionApNortheast2 TypesAwsRegion = "ap-northeast-2" - TypesAwsRegionApNortheast3 TypesAwsRegion = "ap-northeast-3" - TypesAwsRegionApSouth1 TypesAwsRegion = "ap-south-1" - TypesAwsRegionApSouth2 TypesAwsRegion = "ap-south-2" - TypesAwsRegionApSoutheast1 TypesAwsRegion = "ap-southeast-1" - TypesAwsRegionApSoutheast2 TypesAwsRegion = "ap-southeast-2" - TypesAwsRegionApSoutheast3 TypesAwsRegion = "ap-southeast-3" - TypesAwsRegionApSoutheast4 TypesAwsRegion = "ap-southeast-4" - TypesAwsRegionCaCentral1 TypesAwsRegion = "ca-central-1" - TypesAwsRegionEuCentral1 TypesAwsRegion = "eu-central-1" - TypesAwsRegionEuCentral2 TypesAwsRegion = "eu-central-2" - TypesAwsRegionEuNorth1 TypesAwsRegion = "eu-north-1" - TypesAwsRegionEuSouth1 TypesAwsRegion = "eu-south-1" - TypesAwsRegionEuSouth2 TypesAwsRegion = "eu-south-2" - TypesAwsRegionEuWest1 TypesAwsRegion = "eu-west-1" - TypesAwsRegionEuWest2 
TypesAwsRegion = "eu-west-2" - TypesAwsRegionEuWest3 TypesAwsRegion = "eu-west-3" - TypesAwsRegionMeCentral1 TypesAwsRegion = "me-central-1" - TypesAwsRegionMeSouth1 TypesAwsRegion = "me-south-1" - TypesAwsRegionSaEast1 TypesAwsRegion = "sa-east-1" - TypesAwsRegionUsEast1 TypesAwsRegion = "us-east-1" - TypesAwsRegionUsEast2 TypesAwsRegion = "us-east-2" - TypesAwsRegionUsGovEast1 TypesAwsRegion = "us-gov-east-1" - TypesAwsRegionUsGovWest1 TypesAwsRegion = "us-gov-west-1" - TypesAwsRegionUsWest1 TypesAwsRegion = "us-west-1" - TypesAwsRegionUsWest2 TypesAwsRegion = "us-west-2" + SpecDistributionModulesIngressCertManagerClusterIssuerTypeDns01 SpecDistributionModulesIngressCertManagerClusterIssuerType = "dns01" + SpecDistributionModulesIngressCertManagerClusterIssuerTypeHttp01 SpecDistributionModulesIngressCertManagerClusterIssuerType = "http01" ) -type SpecDistributionModulesDrVeleroEks struct { - // The name of the bucket for Velero. - BucketName TypesAwsS3BucketName `json:"bucketName" yaml:"bucketName" mapstructure:"bucketName"` +type SpecDistributionModulesIngressClusterIssuerRoute53 struct { + // HostedZoneId corresponds to the JSON schema field "hostedZoneId". + HostedZoneId string `json:"hostedZoneId" yaml:"hostedZoneId" mapstructure:"hostedZoneId"` // IamRoleArn corresponds to the JSON schema field "iamRoleArn". IamRoleArn TypesAwsArn `json:"iamRoleArn" yaml:"iamRoleArn" mapstructure:"iamRoleArn"` - // The region where the bucket for Velero will be located. + // Region corresponds to the JSON schema field "region". Region TypesAwsRegion `json:"region" yaml:"region" mapstructure:"region"` } -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesDrVeleroEks) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["bucketName"]; !ok || v == nil { - return fmt.Errorf("field bucketName in SpecDistributionModulesDrVeleroEks: required") - } - if v, ok := raw["iamRoleArn"]; !ok || v == nil { - return fmt.Errorf("field iamRoleArn in SpecDistributionModulesDrVeleroEks: required") - } - if v, ok := raw["region"]; !ok || v == nil { - return fmt.Errorf("field region in SpecDistributionModulesDrVeleroEks: required") - } - type Plain SpecDistributionModulesDrVeleroEks - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesDrVeleroEks(plain) - return nil -} - -// Configuration for Velero's manifests backup schedule. -type SpecDistributionModulesDrVeleroSchedulesDefinitionsFull struct { - // The cron expression for the `full` backup schedule (default `0 1 * * *`). - Schedule *string `json:"schedule,omitempty" yaml:"schedule,omitempty" mapstructure:"schedule,omitempty"` +// DNS definition, used in conjunction with `externalDNS` package to automate DNS +// management and certificates emission. +type SpecDistributionModulesIngressDNS struct { + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - // EXPERIMENTAL (if you do more than one backups, the following backups after the - // first are not automatically restorable, see - // https://github.com/vmware-tanzu/velero/issues/7057#issuecomment-2466815898 for - // the manual restore solution): SnapshotMoveData specifies whether snapshot data - // should be moved. Velero will create a new volume from the snapshot and upload - // the content to the storageLocation. 
- SnapshotMoveData *bool `json:"snapshotMoveData,omitempty" yaml:"snapshotMoveData,omitempty" mapstructure:"snapshotMoveData,omitempty"` + // Private corresponds to the JSON schema field "private". + Private *SpecDistributionModulesIngressDNSPrivate `json:"private,omitempty" yaml:"private,omitempty" mapstructure:"private,omitempty"` - // The Time To Live (TTL) of the backups created by the backup schedules (default - // `720h0m0s`, 30 days). Notice that changing this value will affect only newly - // created backups, prior backups will keep the old TTL. - Ttl *string `json:"ttl,omitempty" yaml:"ttl,omitempty" mapstructure:"ttl,omitempty"` + // Public corresponds to the JSON schema field "public". + Public *SpecDistributionModulesIngressDNSPublic `json:"public,omitempty" yaml:"public,omitempty" mapstructure:"public,omitempty"` } -// Configuration for Velero's manifests backup schedule. -type SpecDistributionModulesDrVeleroSchedulesDefinitionsManifests struct { - // The cron expression for the `manifests` backup schedule (default `*/15 * * * - // *`). - Schedule *string `json:"schedule,omitempty" yaml:"schedule,omitempty" mapstructure:"schedule,omitempty"` +// The private DNS zone is used only when `ingress.nginx.type` is `dual`, for +// exposing infrastructural services only in the private DNS zone. +type SpecDistributionModulesIngressDNSPrivate struct { + // By default, a Terraform data source will be used to get the private DNS zone. + // Set to `true` to create the private zone instead. + Create bool `json:"create" yaml:"create" mapstructure:"create"` - // The Time To Live (TTL) of the backups created by the backup schedules (default - // `720h0m0s`, 30 days). Notice that changing this value will affect only newly - // created backups, prior backups will keep the old TTL. - Ttl *string `json:"ttl,omitempty" yaml:"ttl,omitempty" mapstructure:"ttl,omitempty"` + // The name of the private hosted zone. Example: `internal.fury-demo.sighup.io`. 
+ Name string `json:"name" yaml:"name" mapstructure:"name"` + + // VpcId corresponds to the JSON schema field "vpcId". + VpcId string `json:"vpcId" yaml:"vpcId" mapstructure:"vpcId"` } -// Configuration for Velero schedules. -type SpecDistributionModulesDrVeleroSchedulesDefinitions struct { - // Configuration for Velero's manifests backup schedule. - Full *SpecDistributionModulesDrVeleroSchedulesDefinitionsFull `json:"full,omitempty" yaml:"full,omitempty" mapstructure:"full,omitempty"` +type SpecDistributionModulesIngressDNSPublic struct { + // By default, a Terraform data source will be used to get the public DNS zone. + // Set to `true` to create the public zone instead. + Create bool `json:"create" yaml:"create" mapstructure:"create"` - // Configuration for Velero's manifests backup schedule. - Manifests *SpecDistributionModulesDrVeleroSchedulesDefinitionsManifests `json:"manifests,omitempty" yaml:"manifests,omitempty" mapstructure:"manifests,omitempty"` + // The name of the public hosted zone. + Name string `json:"name" yaml:"name" mapstructure:"name"` } -// Configuration for Velero's backup schedules. -type SpecDistributionModulesDrVeleroSchedules struct { - // Configuration for Velero schedules. - Definitions *SpecDistributionModulesDrVeleroSchedulesDefinitions `json:"definitions,omitempty" yaml:"definitions,omitempty" mapstructure:"definitions,omitempty"` +type SpecDistributionModulesIngressExternalDNS struct { + // PrivateIamRoleArn corresponds to the JSON schema field "privateIamRoleArn". + PrivateIamRoleArn TypesAwsArn `json:"privateIamRoleArn" yaml:"privateIamRoleArn" mapstructure:"privateIamRoleArn"` - // Whether to install or not the default `manifests` and `full` backups schedules. - // Default is `true`. - Install *bool `json:"install,omitempty" yaml:"install,omitempty" mapstructure:"install,omitempty"` + // PublicIamRoleArn corresponds to the JSON schema field "publicIamRoleArn". 
+ PublicIamRoleArn TypesAwsArn `json:"publicIamRoleArn" yaml:"publicIamRoleArn" mapstructure:"publicIamRoleArn"` } -type SpecDistributionModulesDrVelero struct { - // Eks corresponds to the JSON schema field "eks". - Eks SpecDistributionModulesDrVeleroEks `json:"eks" yaml:"eks" mapstructure:"eks"` - +type SpecDistributionModulesIngressForecastle struct { // Overrides corresponds to the JSON schema field "overrides". Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // Configuration for Velero's backup schedules. - Schedules *SpecDistributionModulesDrVeleroSchedules `json:"schedules,omitempty" yaml:"schedules,omitempty" mapstructure:"schedules,omitempty"` -} - -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesDrVelero) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["eks"]; !ok || v == nil { - return fmt.Errorf("field eks in SpecDistributionModulesDrVelero: required") - } - type Plain SpecDistributionModulesDrVelero - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesDrVelero(plain) - return nil } -// Configuration for the Disaster Recovery module. -type SpecDistributionModulesDr struct { +type SpecDistributionModulesIngressNginx struct { // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - // The type of the Disaster Recovery, must be `none` or `eks`. `none` disables the - // module and `eks` will install Velero and use an S3 bucket to store the - // backups. - // - // Default is `none`. 
- Type SpecDistributionModulesDrType `json:"type" yaml:"type" mapstructure:"type"` + // Tls corresponds to the JSON schema field "tls". + Tls *SpecDistributionModulesIngressNginxTLS `json:"tls,omitempty" yaml:"tls,omitempty" mapstructure:"tls,omitempty"` - // Velero corresponds to the JSON schema field "velero". - Velero *SpecDistributionModulesDrVelero `json:"velero,omitempty" yaml:"velero,omitempty" mapstructure:"velero,omitempty"` + // The type of the Ingress nginx controller, options are: + // - `none`: no ingress controller will be installed and no infrastructural + // ingresses will be created. + // - `single`: a single ingress controller with ingress class `nginx` will be + // installed to manage all the ingress resources, infrastructural ingresses will + // be created. + // - `dual`: two independent ingress controllers will be installed, one for the + // `internal` ingress class intended for private ingresses and one for the + // `external` ingress class intended for public ingresses. KFD infrastructural + // ingresses wil use the `internal` ingress class when using the dual type. + // + // Default is `single`. + Type SpecDistributionModulesIngressNginxType `json:"type" yaml:"type" mapstructure:"type"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesDr) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesDr: required") - } - type Plain SpecDistributionModulesDr - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesDr(plain) - return nil +type SpecDistributionModulesIngressNginxTLS struct { + // The provider of the TLS certificates for the ingresses, one of: `none`, + // `certManager`, or `secret`. 
+ Provider SpecDistributionModulesIngressNginxTLSProvider `json:"provider" yaml:"provider" mapstructure:"provider"` + + // Secret corresponds to the JSON schema field "secret". + Secret *SpecDistributionModulesIngressNginxTLSSecret `json:"secret,omitempty" yaml:"secret,omitempty" mapstructure:"secret,omitempty"` } -type SpecDistributionModulesIngressClusterIssuerRoute53 struct { - // HostedZoneId corresponds to the JSON schema field "hostedZoneId". - HostedZoneId string `json:"hostedZoneId" yaml:"hostedZoneId" mapstructure:"hostedZoneId"` - - // IamRoleArn corresponds to the JSON schema field "iamRoleArn". - IamRoleArn TypesAwsArn `json:"iamRoleArn" yaml:"iamRoleArn" mapstructure:"iamRoleArn"` +type SpecDistributionModulesIngressNginxTLSProvider string - // Region corresponds to the JSON schema field "region". - Region TypesAwsRegion `json:"region" yaml:"region" mapstructure:"region"` -} +const ( + SpecDistributionModulesIngressNginxTLSProviderCertManager SpecDistributionModulesIngressNginxTLSProvider = "certManager" + SpecDistributionModulesIngressNginxTLSProviderNone SpecDistributionModulesIngressNginxTLSProvider = "none" + SpecDistributionModulesIngressNginxTLSProviderSecret SpecDistributionModulesIngressNginxTLSProvider = "secret" +) -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressClusterIssuerRoute53) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["hostedZoneId"]; !ok || v == nil { - return fmt.Errorf("field hostedZoneId in SpecDistributionModulesIngressClusterIssuerRoute53: required") - } - if v, ok := raw["iamRoleArn"]; !ok || v == nil { - return fmt.Errorf("field iamRoleArn in SpecDistributionModulesIngressClusterIssuerRoute53: required") - } - if v, ok := raw["region"]; !ok || v == nil { - return fmt.Errorf("field region in SpecDistributionModulesIngressClusterIssuerRoute53: required") - } - type Plain SpecDistributionModulesIngressClusterIssuerRoute53 - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesIngressClusterIssuerRoute53(plain) - return nil -} +// Kubernetes TLS secret for the ingresses TLS certificate. +type SpecDistributionModulesIngressNginxTLSSecret struct { + // The Certificate Authority certificate file's content. You can use the + // `"{file://}"` notation to get the content from a file. + Ca string `json:"ca" yaml:"ca" mapstructure:"ca"` -type SpecDistributionModulesIngressCertManagerClusterIssuerType string + // The certificate file's content. You can use the `"{file://}"` notation to + // get the content from a file. + Cert string `json:"cert" yaml:"cert" mapstructure:"cert"` -var enumValues_SpecDistributionModulesIngressCertManagerClusterIssuerType = []interface{}{ - "dns01", - "http01", + // The signing key file's content. You can use the `"{file://}"` notation to + // get the content from a file. + Key string `json:"key" yaml:"key" mapstructure:"key"` } -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressCertManagerClusterIssuerType) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesIngressCertManagerClusterIssuerType { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesIngressCertManagerClusterIssuerType, v) - } - *j = SpecDistributionModulesIngressCertManagerClusterIssuerType(v) - return nil -} +type SpecDistributionModulesIngressNginxType string const ( - SpecDistributionModulesIngressCertManagerClusterIssuerTypeDns01 SpecDistributionModulesIngressCertManagerClusterIssuerType = "dns01" - SpecDistributionModulesIngressCertManagerClusterIssuerTypeHttp01 SpecDistributionModulesIngressCertManagerClusterIssuerType = "http01" + SpecDistributionModulesIngressNginxTypeDual SpecDistributionModulesIngressNginxType = "dual" + SpecDistributionModulesIngressNginxTypeNone SpecDistributionModulesIngressNginxType = "none" + SpecDistributionModulesIngressNginxTypeSingle SpecDistributionModulesIngressNginxType = "single" ) -// Configuration for the cert-manager's ACME clusterIssuer used to request -// certificates from Let's Encrypt. -type SpecDistributionModulesIngressCertManagerClusterIssuer struct { - // The email address to use during the certificate issuing process. - Email string `json:"email" yaml:"email" mapstructure:"email"` - - // The name of the clusterIssuer. - Name string `json:"name" yaml:"name" mapstructure:"name"` - - // Route53 corresponds to the JSON schema field "route53". - Route53 SpecDistributionModulesIngressClusterIssuerRoute53 `json:"route53" yaml:"route53" mapstructure:"route53"` - - // The list of challenge solvers to use instead of the default one for the - // `http01` challenge. 
Check [cert manager's - // documentation](https://cert-manager.io/docs/configuration/acme/#adding-multiple-solver-types) - // for examples for this field. - Solvers []interface{} `json:"solvers,omitempty" yaml:"solvers,omitempty" mapstructure:"solvers,omitempty"` +// Override the common configuration with a particular configuration for the +// Ingress module. +type SpecDistributionModulesIngressOverrides struct { + // Ingresses corresponds to the JSON schema field "ingresses". + Ingresses *SpecDistributionModulesIngressOverridesIngresses `json:"ingresses,omitempty" yaml:"ingresses,omitempty" mapstructure:"ingresses,omitempty"` - // The type of the clusterIssuer, must be `dns01` for using DNS challenge or - // `http01` for using HTTP challenge. - Type *SpecDistributionModulesIngressCertManagerClusterIssuerType `json:"type,omitempty" yaml:"type,omitempty" mapstructure:"type,omitempty"` -} + // Set to override the node selector used to place the pods of the Ingress module. + NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressCertManagerClusterIssuer) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["email"]; !ok || v == nil { - return fmt.Errorf("field email in SpecDistributionModulesIngressCertManagerClusterIssuer: required") - } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecDistributionModulesIngressCertManagerClusterIssuer: required") - } - if v, ok := raw["route53"]; !ok || v == nil { - return fmt.Errorf("field route53 in SpecDistributionModulesIngressCertManagerClusterIssuer: required") - } - type Plain SpecDistributionModulesIngressCertManagerClusterIssuer - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesIngressCertManagerClusterIssuer(plain) - return nil + // Set to override the tolerations that will be added to the pods of the Ingress + // module. + Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` } -// Configuration for the cert-manager package. Required even if -// `ingress.nginx.type` is `none`, cert-manager is used for managing other -// certificates in the cluster besides the TLS termination certificates for the -// ingresses. -type SpecDistributionModulesIngressCertManager struct { - // ClusterIssuer corresponds to the JSON schema field "clusterIssuer". - ClusterIssuer SpecDistributionModulesIngressCertManagerClusterIssuer `json:"clusterIssuer" yaml:"clusterIssuer" mapstructure:"clusterIssuer"` - - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +type SpecDistributionModulesIngressOverridesIngresses struct { + // Forecastle corresponds to the JSON schema field "forecastle". 
+ Forecastle *TypesFuryModuleOverridesIngress `json:"forecastle,omitempty" yaml:"forecastle,omitempty" mapstructure:"forecastle,omitempty"` } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesIngressCertManager) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["clusterIssuer"]; !ok || v == nil { - return fmt.Errorf("field clusterIssuer in SpecDistributionModulesIngressCertManager: required") - } - type Plain SpecDistributionModulesIngressCertManager - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesIngressCertManager(plain) - return nil -} +// Configuration for the Logging module. +type SpecDistributionModulesLogging struct { + // Cerebro corresponds to the JSON schema field "cerebro". + Cerebro *SpecDistributionModulesLoggingCerebro `json:"cerebro,omitempty" yaml:"cerebro,omitempty" mapstructure:"cerebro,omitempty"` -// The private DNS zone is used only when `ingress.nginx.type` is `dual`, for -// exposing infrastructural services only in the private DNS zone. -type SpecDistributionModulesIngressDNSPrivate struct { - // By default, a Terraform data source will be used to get the private DNS zone. - // Set to `true` to create the private zone instead. - Create bool `json:"create" yaml:"create" mapstructure:"create"` + // CustomOutputs corresponds to the JSON schema field "customOutputs". + CustomOutputs *SpecDistributionModulesLoggingCustomOutputs `json:"customOutputs,omitempty" yaml:"customOutputs,omitempty" mapstructure:"customOutputs,omitempty"` - // The name of the private hosted zone. Example: `internal.fury-demo.sighup.io`. - Name string `json:"name" yaml:"name" mapstructure:"name"` + // Loki corresponds to the JSON schema field "loki". 
+ Loki *SpecDistributionModulesLoggingLoki `json:"loki,omitempty" yaml:"loki,omitempty" mapstructure:"loki,omitempty"` - // VpcId corresponds to the JSON schema field "vpcId". - VpcId string `json:"vpcId" yaml:"vpcId" mapstructure:"vpcId"` -} + // Minio corresponds to the JSON schema field "minio". + Minio *SpecDistributionModulesLoggingMinio `json:"minio,omitempty" yaml:"minio,omitempty" mapstructure:"minio,omitempty"` -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesIngressDNSPrivate) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["create"]; !ok || v == nil { - return fmt.Errorf("field create in SpecDistributionModulesIngressDNSPrivate: required") - } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecDistributionModulesIngressDNSPrivate: required") - } - if v, ok := raw["vpcId"]; !ok || v == nil { - return fmt.Errorf("field vpcId in SpecDistributionModulesIngressDNSPrivate: required") - } - type Plain SpecDistributionModulesIngressDNSPrivate - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesIngressDNSPrivate(plain) - return nil -} + // Opensearch corresponds to the JSON schema field "opensearch". + Opensearch *SpecDistributionModulesLoggingOpensearch `json:"opensearch,omitempty" yaml:"opensearch,omitempty" mapstructure:"opensearch,omitempty"` -type SpecDistributionModulesIngressDNSPublic struct { - // By default, a Terraform data source will be used to get the public DNS zone. - // Set to `true` to create the public zone instead. - Create bool `json:"create" yaml:"create" mapstructure:"create"` + // Operator corresponds to the JSON schema field "operator". + Operator *SpecDistributionModulesLoggingOperator `json:"operator,omitempty" yaml:"operator,omitempty" mapstructure:"operator,omitempty"` - // The name of the public hosted zone. 
- Name string `json:"name" yaml:"name" mapstructure:"name"` -} + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesIngressDNSPublic) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["create"]; !ok || v == nil { - return fmt.Errorf("field create in SpecDistributionModulesIngressDNSPublic: required") - } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecDistributionModulesIngressDNSPublic: required") - } - type Plain SpecDistributionModulesIngressDNSPublic - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesIngressDNSPublic(plain) - return nil + // Selects the logging stack. Options are: + // - `none`: will disable the centralized logging. + // - `opensearch`: will deploy and configure the Logging Operator and an + // OpenSearch cluster (can be single or triple for HA) where the logs will be + // stored. + // - `loki`: will use a distributed Grafana Loki instead of OpenSearch for + // storage. + // - `customOuputs`: the Logging Operator will be deployed and installed but + // without in-cluster storage, you will have to create the needed Outputs and + // ClusterOutputs to ship the logs to your desired storage. + // + // Default is `opensearch`. + Type SpecDistributionModulesLoggingType `json:"type" yaml:"type" mapstructure:"type"` } -// DNS definition, used in conjunction with `externalDNS` package to automate DNS -// management and certificates emission. -type SpecDistributionModulesIngressDNS struct { +// DEPRECATED since KFD v1.26.6, 1.27.5, v1.28.0. 
+type SpecDistributionModulesLoggingCerebro struct { // Overrides corresponds to the JSON schema field "overrides". Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +} - // Private corresponds to the JSON schema field "private". - Private *SpecDistributionModulesIngressDNSPrivate `json:"private,omitempty" yaml:"private,omitempty" mapstructure:"private,omitempty"` +// When using the `customOutputs` logging type, you need to manually specify the +// spec of the several `Output` and `ClusterOutputs` that the Logging Operator +// expects to forward the logs collected by the pre-defined flows. +type SpecDistributionModulesLoggingCustomOutputs struct { + // This value defines where the output from the `audit` Flow will be sent. This + // will be the `spec` section of the `Output` object. It must be a string (and not + // a YAML object) following the OutputSpec definition. Use the `nullout` output to + // discard the flow: `nullout: {}` + Audit string `json:"audit" yaml:"audit" mapstructure:"audit"` + + // This value defines where the output from the `errors` Flow will be sent. This + // will be the `spec` section of the `Output` object. It must be a string (and not + // a YAML object) following the OutputSpec definition. Use the `nullout` output to + // discard the flow: `nullout: {}` + Errors string `json:"errors" yaml:"errors" mapstructure:"errors"` + + // This value defines where the output from the `events` Flow will be sent. This + // will be the `spec` section of the `Output` object. It must be a string (and not + // a YAML object) following the OutputSpec definition. Use the `nullout` output to + // discard the flow: `nullout: {}` + Events string `json:"events" yaml:"events" mapstructure:"events"` + + // This value defines where the output from the `infra` Flow will be sent. This + // will be the `spec` section of the `Output` object. 
It must be a string (and not + // a YAML object) following the OutputSpec definition. Use the `nullout` output to + // discard the flow: `nullout: {}` + Infra string `json:"infra" yaml:"infra" mapstructure:"infra"` + + // This value defines where the output from the `ingressNginx` Flow will be sent. + // This will be the `spec` section of the `Output` object. It must be a string + // (and not a YAML object) following the OutputSpec definition. Use the `nullout` + // output to discard the flow: `nullout: {}` + IngressNginx string `json:"ingressNginx" yaml:"ingressNginx" mapstructure:"ingressNginx"` + + // This value defines where the output from the `kubernetes` Flow will be sent. + // This will be the `spec` section of the `Output` object. It must be a string + // (and not a YAML object) following the OutputSpec definition. Use the `nullout` + // output to discard the flow: `nullout: {}` + Kubernetes string `json:"kubernetes" yaml:"kubernetes" mapstructure:"kubernetes"` + + // This value defines where the output from the `systemdCommon` Flow will be sent. + // This will be the `spec` section of the `Output` object. It must be a string + // (and not a YAML object) following the OutputSpec definition. Use the `nullout` + // output to discard the flow: `nullout: {}` + SystemdCommon string `json:"systemdCommon" yaml:"systemdCommon" mapstructure:"systemdCommon"` + + // This value defines where the output from the `systemdEtcd` Flow will be sent. + // This will be the `spec` section of the `Output` object. It must be a string + // (and not a YAML object) following the OutputSpec definition. Use the `nullout` + // output to discard the flow: `nullout: {}` + SystemdEtcd string `json:"systemdEtcd" yaml:"systemdEtcd" mapstructure:"systemdEtcd"` +} + +// Configuration for the Loki package. +type SpecDistributionModulesLoggingLoki struct { + // The storage backend type for Loki. 
`minio` will use an in-cluster MinIO + // deployment for object storage, `externalEndpoint` can be used to point to an + // external object storage instead of deploying an in-cluster MinIO. + Backend *SpecDistributionModulesLoggingLokiBackend `json:"backend,omitempty" yaml:"backend,omitempty" mapstructure:"backend,omitempty"` + + // Configuration for Loki's external storage backend. + ExternalEndpoint *SpecDistributionModulesLoggingLokiExternalEndpoint `json:"externalEndpoint,omitempty" yaml:"externalEndpoint,omitempty" mapstructure:"externalEndpoint,omitempty"` + + // Resources corresponds to the JSON schema field "resources". + Resources *TypesKubeResources `json:"resources,omitempty" yaml:"resources,omitempty" mapstructure:"resources,omitempty"` + + // Starting from versions 1.28.4, 1.29.5 and 1.30.0 of KFD, Loki will change the + // time series database from BoltDB to TSDB and the schema from v11 to v13 that it + // uses to store the logs. + // + // The value of this field will determine the date when Loki will start writing + // using the new TSDB and the schema v13, always at midnight UTC. The old BoltDB + // and schema will be kept until they expire for reading purposes. + // + // Value must be a string in `ISO 8601` date format (`yyyy-mm-dd`). Example: + // `2024-11-18`. + TsdbStartDate types.SerializableDate `json:"tsdbStartDate" yaml:"tsdbStartDate" mapstructure:"tsdbStartDate"` +} + +type SpecDistributionModulesLoggingLokiBackend string + +const ( + SpecDistributionModulesLoggingLokiBackendExternalEndpoint SpecDistributionModulesLoggingLokiBackend = "externalEndpoint" + SpecDistributionModulesLoggingLokiBackendMinio SpecDistributionModulesLoggingLokiBackend = "minio" +) + +// Configuration for Loki's external storage backend. +type SpecDistributionModulesLoggingLokiExternalEndpoint struct { + // The access key ID (username) for the external S3-compatible bucket. 
+ AccessKeyId *string `json:"accessKeyId,omitempty" yaml:"accessKeyId,omitempty" mapstructure:"accessKeyId,omitempty"` + + // The bucket name of the external S3-compatible object storage. + BucketName *string `json:"bucketName,omitempty" yaml:"bucketName,omitempty" mapstructure:"bucketName,omitempty"` + + // External S3-compatible endpoint for Loki's storage. + Endpoint *string `json:"endpoint,omitempty" yaml:"endpoint,omitempty" mapstructure:"endpoint,omitempty"` + + // If true, will use HTTP as protocol instead of HTTPS. + Insecure *bool `json:"insecure,omitempty" yaml:"insecure,omitempty" mapstructure:"insecure,omitempty"` + + // The secret access key (password) for the external S3-compatible bucket. + SecretAccessKey *string `json:"secretAccessKey,omitempty" yaml:"secretAccessKey,omitempty" mapstructure:"secretAccessKey,omitempty"` +} + +// Configuration for Logging's MinIO deployment. +type SpecDistributionModulesLoggingMinio struct { + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // RootUser corresponds to the JSON schema field "rootUser". + RootUser *SpecDistributionModulesLoggingMinioRootUser `json:"rootUser,omitempty" yaml:"rootUser,omitempty" mapstructure:"rootUser,omitempty"` + + // The PVC size for each MinIO disk, 6 disks total. + StorageSize *string `json:"storageSize,omitempty" yaml:"storageSize,omitempty" mapstructure:"storageSize,omitempty"` +} + +type SpecDistributionModulesLoggingMinioRootUser struct { + // The password for the default MinIO root user. + Password *string `json:"password,omitempty" yaml:"password,omitempty" mapstructure:"password,omitempty"` + + // The username for the default MinIO root user. 
+ Username *string `json:"username,omitempty" yaml:"username,omitempty" mapstructure:"username,omitempty"` +} + +type SpecDistributionModulesLoggingOpensearch struct { + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // Resources corresponds to the JSON schema field "resources". + Resources *TypesKubeResources `json:"resources,omitempty" yaml:"resources,omitempty" mapstructure:"resources,omitempty"` + + // The storage size for the OpenSearch volumes. Follows Kubernetes resources + // storage requests. Default is `150Gi`. + StorageSize *string `json:"storageSize,omitempty" yaml:"storageSize,omitempty" mapstructure:"storageSize,omitempty"` + + // The type of OpenSearch deployment. One of: `single` for a single replica or + // `triple` for an HA 3-replicas deployment. + Type SpecDistributionModulesLoggingOpensearchType `json:"type" yaml:"type" mapstructure:"type"` +} + +type SpecDistributionModulesLoggingOpensearchType string + +const ( + SpecDistributionModulesLoggingOpensearchTypeSingle SpecDistributionModulesLoggingOpensearchType = "single" + SpecDistributionModulesLoggingOpensearchTypeTriple SpecDistributionModulesLoggingOpensearchType = "triple" +) + +// Configuration for the Logging Operator. +type SpecDistributionModulesLoggingOperator struct { + // Overrides corresponds to the JSON schema field "overrides". 
+ Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +} + +type SpecDistributionModulesLoggingType string + +const ( + SpecDistributionModulesLoggingTypeCustomOutputs SpecDistributionModulesLoggingType = "customOutputs" + SpecDistributionModulesLoggingTypeLoki SpecDistributionModulesLoggingType = "loki" + SpecDistributionModulesLoggingTypeNone SpecDistributionModulesLoggingType = "none" + SpecDistributionModulesLoggingTypeOpensearch SpecDistributionModulesLoggingType = "opensearch" +) + +// Configuration for the Monitoring module. +type SpecDistributionModulesMonitoring struct { + // Alertmanager corresponds to the JSON schema field "alertmanager". + Alertmanager *SpecDistributionModulesMonitoringAlertManager `json:"alertmanager,omitempty" yaml:"alertmanager,omitempty" mapstructure:"alertmanager,omitempty"` + + // BlackboxExporter corresponds to the JSON schema field "blackboxExporter". + BlackboxExporter *SpecDistributionModulesMonitoringBlackboxExporter `json:"blackboxExporter,omitempty" yaml:"blackboxExporter,omitempty" mapstructure:"blackboxExporter,omitempty"` + + // Grafana corresponds to the JSON schema field "grafana". + Grafana *SpecDistributionModulesMonitoringGrafana `json:"grafana,omitempty" yaml:"grafana,omitempty" mapstructure:"grafana,omitempty"` + + // KubeStateMetrics corresponds to the JSON schema field "kubeStateMetrics". + KubeStateMetrics *SpecDistributionModulesMonitoringKubeStateMetrics `json:"kubeStateMetrics,omitempty" yaml:"kubeStateMetrics,omitempty" mapstructure:"kubeStateMetrics,omitempty"` + + // Mimir corresponds to the JSON schema field "mimir". + Mimir *SpecDistributionModulesMonitoringMimir `json:"mimir,omitempty" yaml:"mimir,omitempty" mapstructure:"mimir,omitempty"` + + // Minio corresponds to the JSON schema field "minio". 
+ Minio *SpecDistributionModulesMonitoringMinio `json:"minio,omitempty" yaml:"minio,omitempty" mapstructure:"minio,omitempty"` + + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // Prometheus corresponds to the JSON schema field "prometheus". + Prometheus *SpecDistributionModulesMonitoringPrometheus `json:"prometheus,omitempty" yaml:"prometheus,omitempty" mapstructure:"prometheus,omitempty"` + + // PrometheusAgent corresponds to the JSON schema field "prometheusAgent". + PrometheusAgent *SpecDistributionModulesMonitoringPrometheusAgent `json:"prometheusAgent,omitempty" yaml:"prometheusAgent,omitempty" mapstructure:"prometheusAgent,omitempty"` + + // The type of the monitoring, must be `none`, `prometheus`, `prometheusAgent` or + // `mimir`. + // + // - `none`: will disable the whole monitoring stack. + // - `prometheus`: will install Prometheus Operator and a preconfigured Prometheus + // instance, Alertmanager, a set of alert rules, exporters needed to monitor all + // the components of the cluster, Grafana and a series of dashboards to view the + // collected metrics, and more. + // - `prometheusAgent`: will install Prometheus operator, an instance of + // Prometheus in Agent mode (no alerting, no queries, no storage), and all the + // exporters needed to get metrics for the status of the cluster and the + // workloads. Useful when having a centralized (remote) Prometheus where to ship + // the metrics and not storing them locally in the cluster. + // - `mimir`: will install the same as the `prometheus` option, plus Grafana Mimir + // that allows for longer retention of metrics and the usage of Object Storage. + // + // Default is `prometheus`. + Type SpecDistributionModulesMonitoringType `json:"type" yaml:"type" mapstructure:"type"` + + // X509Exporter corresponds to the JSON schema field "x509Exporter". 
+ X509Exporter *SpecDistributionModulesMonitoringX509Exporter `json:"x509Exporter,omitempty" yaml:"x509Exporter,omitempty" mapstructure:"x509Exporter,omitempty"` +} + +type SpecDistributionModulesMonitoringAlertManager struct { + // The webhook URL to send dead man's switch monitoring, for example to use with + // healthchecks.io. + DeadManSwitchWebhookUrl *string `json:"deadManSwitchWebhookUrl,omitempty" yaml:"deadManSwitchWebhookUrl,omitempty" mapstructure:"deadManSwitchWebhookUrl,omitempty"` + + // Set to false to avoid installing the Prometheus rules (alerts) included with + // the distribution. + InstallDefaultRules *bool `json:"installDefaultRules,omitempty" yaml:"installDefaultRules,omitempty" mapstructure:"installDefaultRules,omitempty"` + + // The Slack webhook URL where to send the infrastructural and workload alerts to. + SlackWebhookUrl *string `json:"slackWebhookUrl,omitempty" yaml:"slackWebhookUrl,omitempty" mapstructure:"slackWebhookUrl,omitempty"` +} + +type SpecDistributionModulesMonitoringBlackboxExporter struct { + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +} + +type SpecDistributionModulesMonitoringGrafana struct { + // Setting this to true will deploy an additional `grafana-basic-auth` ingress + // protected with Grafana's basic auth instead of SSO. It's intended use is as a + // temporary ingress for when there are problems with the SSO login flow. + // + // Notice that by default anonymous access is enabled. + BasicAuthIngress *bool `json:"basicAuthIngress,omitempty" yaml:"basicAuthIngress,omitempty" mapstructure:"basicAuthIngress,omitempty"` + + // Overrides corresponds to the JSON schema field "overrides". 
+ Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // [JMESPath](http://jmespath.org/examples.html) expression to retrieve the user's + // role. Example: + // + // ```yaml + // usersRoleAttributePath: "contains(groups[*], 'beta') && 'Admin' || + // contains(groups[*], 'gamma') && 'Editor' || contains(groups[*], 'delta') && + // 'Viewer' + // ``` + // + // More details in [Grafana's + // documentation](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/generic-oauth/#configure-role-mapping). + UsersRoleAttributePath *string `json:"usersRoleAttributePath,omitempty" yaml:"usersRoleAttributePath,omitempty" mapstructure:"usersRoleAttributePath,omitempty"` +} + +type SpecDistributionModulesMonitoringKubeStateMetrics struct { + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +} + +// Configuration for the Mimir package. +type SpecDistributionModulesMonitoringMimir struct { + // The storage backend type for Mimir. `minio` will use an in-cluster MinIO + // deployment for object storage, `externalEndpoint` can be used to point to an + // external S3-compatible object storage instead of deploying an in-cluster MinIO. + Backend *SpecDistributionModulesMonitoringMimirBackend `json:"backend,omitempty" yaml:"backend,omitempty" mapstructure:"backend,omitempty"` + + // Configuration for Mimir's external storage backend. + ExternalEndpoint *SpecDistributionModulesMonitoringMimirExternalEndpoint `json:"externalEndpoint,omitempty" yaml:"externalEndpoint,omitempty" mapstructure:"externalEndpoint,omitempty"` + + // Overrides corresponds to the JSON schema field "overrides". 
+ Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // The retention time for the logs stored in Mimir. Default is `30d`. Value must + // match the regular expression `[0-9]+(ns|us|µs|ms|s|m|h|d|w|y)` where y = 365 + // days. + RetentionTime *string `json:"retentionTime,omitempty" yaml:"retentionTime,omitempty" mapstructure:"retentionTime,omitempty"` +} + +type SpecDistributionModulesMonitoringMimirBackend string + +const ( + SpecDistributionModulesMonitoringMimirBackendExternalEndpoint SpecDistributionModulesMonitoringMimirBackend = "externalEndpoint" + SpecDistributionModulesMonitoringMimirBackendMinio SpecDistributionModulesMonitoringMimirBackend = "minio" +) + +// Configuration for Mimir's external storage backend. +type SpecDistributionModulesMonitoringMimirExternalEndpoint struct { + // The access key ID (username) for the external S3-compatible bucket. + AccessKeyId *string `json:"accessKeyId,omitempty" yaml:"accessKeyId,omitempty" mapstructure:"accessKeyId,omitempty"` + + // The bucket name of the external S3-compatible object storage. + BucketName *string `json:"bucketName,omitempty" yaml:"bucketName,omitempty" mapstructure:"bucketName,omitempty"` + + // The external S3-compatible endpoint for Mimir's storage. + Endpoint *string `json:"endpoint,omitempty" yaml:"endpoint,omitempty" mapstructure:"endpoint,omitempty"` + + // If true, will use HTTP as protocol instead of HTTPS. + Insecure *bool `json:"insecure,omitempty" yaml:"insecure,omitempty" mapstructure:"insecure,omitempty"` + + // The secret access key (password) for the external S3-compatible bucket. + SecretAccessKey *string `json:"secretAccessKey,omitempty" yaml:"secretAccessKey,omitempty" mapstructure:"secretAccessKey,omitempty"` +} + +// Configuration for Monitoring's MinIO deployment. +type SpecDistributionModulesMonitoringMinio struct { + // Overrides corresponds to the JSON schema field "overrides". 
+ Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // RootUser corresponds to the JSON schema field "rootUser". + RootUser *SpecDistributionModulesMonitoringMinioRootUser `json:"rootUser,omitempty" yaml:"rootUser,omitempty" mapstructure:"rootUser,omitempty"` + + // The PVC size for each MinIO disk, 6 disks total. + StorageSize *string `json:"storageSize,omitempty" yaml:"storageSize,omitempty" mapstructure:"storageSize,omitempty"` +} + +type SpecDistributionModulesMonitoringMinioRootUser struct { + // The password for the default MinIO root user. + Password *string `json:"password,omitempty" yaml:"password,omitempty" mapstructure:"password,omitempty"` + + // The username for the default MinIO root user. + Username *string `json:"username,omitempty" yaml:"username,omitempty" mapstructure:"username,omitempty"` +} + +type SpecDistributionModulesMonitoringPrometheus struct { + // Set this option to ship the collected metrics to a remote Prometheus receiver. + // + // `remoteWrite` is an array of objects that allows configuring the + // [remoteWrite](https://prometheus.io/docs/specs/remote_write_spec/) options for + // Prometheus. The objects in the array follow [the same schema as in the + // prometheus + // operator](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.RemoteWriteSpec). + RemoteWrite []SpecDistributionModulesMonitoringPrometheusRemoteWriteElem `json:"remoteWrite,omitempty" yaml:"remoteWrite,omitempty" mapstructure:"remoteWrite,omitempty"` + + // Resources corresponds to the JSON schema field "resources". + Resources *TypesKubeResources `json:"resources,omitempty" yaml:"resources,omitempty" mapstructure:"resources,omitempty"` + + // The retention size for the `k8s` Prometheus instance. 
+ RetentionSize *string `json:"retentionSize,omitempty" yaml:"retentionSize,omitempty" mapstructure:"retentionSize,omitempty"` + + // The retention time for the `k8s` Prometheus instance. + RetentionTime *string `json:"retentionTime,omitempty" yaml:"retentionTime,omitempty" mapstructure:"retentionTime,omitempty"` + + // The storage size for the `k8s` Prometheus instance. + StorageSize *string `json:"storageSize,omitempty" yaml:"storageSize,omitempty" mapstructure:"storageSize,omitempty"` +} + +type SpecDistributionModulesMonitoringPrometheusAgent struct { + // Set this option to ship the collected metrics to a remote Prometheus receiver. + // + // `remoteWrite` is an array of objects that allows configuring the + // [remoteWrite](https://prometheus.io/docs/specs/remote_write_spec/) options for + // Prometheus. The objects in the array follow [the same schema as in the + // prometheus + // operator](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.RemoteWriteSpec). + RemoteWrite []SpecDistributionModulesMonitoringPrometheusAgentRemoteWriteElem `json:"remoteWrite,omitempty" yaml:"remoteWrite,omitempty" mapstructure:"remoteWrite,omitempty"` + + // Resources corresponds to the JSON schema field "resources". 
+ Resources *TypesKubeResources `json:"resources,omitempty" yaml:"resources,omitempty" mapstructure:"resources,omitempty"` +} + +type SpecDistributionModulesMonitoringPrometheusAgentRemoteWriteElem map[string]interface{} + +type SpecDistributionModulesMonitoringPrometheusRemoteWriteElem map[string]interface{} + +type SpecDistributionModulesMonitoringType string + +const ( + SpecDistributionModulesMonitoringTypeMimir SpecDistributionModulesMonitoringType = "mimir" + SpecDistributionModulesMonitoringTypeNone SpecDistributionModulesMonitoringType = "none" + SpecDistributionModulesMonitoringTypePrometheus SpecDistributionModulesMonitoringType = "prometheus" + SpecDistributionModulesMonitoringTypePrometheusAgent SpecDistributionModulesMonitoringType = "prometheusAgent" +) + +type SpecDistributionModulesMonitoringX509Exporter struct { + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +} + +// Configuration for the Networking module. +type SpecDistributionModulesNetworking struct { + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // TigeraOperator corresponds to the JSON schema field "tigeraOperator". + TigeraOperator *SpecDistributionModulesNetworkingTigeraOperator `json:"tigeraOperator,omitempty" yaml:"tigeraOperator,omitempty" mapstructure:"tigeraOperator,omitempty"` + + // Type corresponds to the JSON schema field "type". + Type *SpecDistributionModulesNetworkingType `json:"type,omitempty" yaml:"type,omitempty" mapstructure:"type,omitempty"` +} + +type SpecDistributionModulesNetworkingTigeraOperator struct { + // Overrides corresponds to the JSON schema field "overrides". 
+ Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +} + +type SpecDistributionModulesNetworkingType string + +const SpecDistributionModulesNetworkingTypeNone SpecDistributionModulesNetworkingType = "none" + +// Configuration for the Policy module. +type SpecDistributionModulesPolicy struct { + // Gatekeeper corresponds to the JSON schema field "gatekeeper". + Gatekeeper *SpecDistributionModulesPolicyGatekeeper `json:"gatekeeper,omitempty" yaml:"gatekeeper,omitempty" mapstructure:"gatekeeper,omitempty"` + + // Kyverno corresponds to the JSON schema field "kyverno". + Kyverno *SpecDistributionModulesPolicyKyverno `json:"kyverno,omitempty" yaml:"kyverno,omitempty" mapstructure:"kyverno,omitempty"` + + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // The type of policy enforcement to use, either `none`, `gatekeeper` or + // `kyverno`. + // + // Default is `none`. + Type SpecDistributionModulesPolicyType `json:"type" yaml:"type" mapstructure:"type"` +} + +// Configuration for the Gatekeeper package. +type SpecDistributionModulesPolicyGatekeeper struct { + // This parameter adds namespaces to Gatekeeper's exemption list, so it will not + // enforce the constraints on them. + AdditionalExcludedNamespaces []string `json:"additionalExcludedNamespaces,omitempty" yaml:"additionalExcludedNamespaces,omitempty" mapstructure:"additionalExcludedNamespaces,omitempty"` + + // The default enforcement action to use for the included constraints. `deny` will + // block the admission when violations to the policies are found, `warn` will show + // a message to the user but will admit the violating requests and `dryrun` won't + // give any feedback to the user but it will log the violations. 
+ EnforcementAction SpecDistributionModulesPolicyGatekeeperEnforcementAction `json:"enforcementAction" yaml:"enforcementAction" mapstructure:"enforcementAction"` + + // Set to `false` to avoid installing the default Gatekeeper policies (constraints + // templates and constraints) included with the distribution. + InstallDefaultPolicies bool `json:"installDefaultPolicies" yaml:"installDefaultPolicies" mapstructure:"installDefaultPolicies"` + + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +} + +type SpecDistributionModulesPolicyGatekeeperEnforcementAction string + +const ( + SpecDistributionModulesPolicyGatekeeperEnforcementActionDeny SpecDistributionModulesPolicyGatekeeperEnforcementAction = "deny" + SpecDistributionModulesPolicyGatekeeperEnforcementActionDryrun SpecDistributionModulesPolicyGatekeeperEnforcementAction = "dryrun" + SpecDistributionModulesPolicyGatekeeperEnforcementActionWarn SpecDistributionModulesPolicyGatekeeperEnforcementAction = "warn" +) + +// Configuration for the Kyverno package. +type SpecDistributionModulesPolicyKyverno struct { + // This parameter adds namespaces to Kyverno's exemption list, so it will not + // enforce the policies on them. + AdditionalExcludedNamespaces []string `json:"additionalExcludedNamespaces,omitempty" yaml:"additionalExcludedNamespaces,omitempty" mapstructure:"additionalExcludedNamespaces,omitempty"` + + // Set to `false` to avoid installing the default Kyverno policies included with + // distribution. + InstallDefaultPolicies bool `json:"installDefaultPolicies" yaml:"installDefaultPolicies" mapstructure:"installDefaultPolicies"` + + // Overrides corresponds to the JSON schema field "overrides". 
+ Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // The validation failure action to use for the included policies, `Enforce` will + // block when a request does not comply with the policies and `Audit` will not + // block but log when a request does not comply with the policies. + ValidationFailureAction SpecDistributionModulesPolicyKyvernoValidationFailureAction `json:"validationFailureAction" yaml:"validationFailureAction" mapstructure:"validationFailureAction"` +} + +type SpecDistributionModulesPolicyKyvernoValidationFailureAction string + +const ( + SpecDistributionModulesPolicyKyvernoValidationFailureActionAudit SpecDistributionModulesPolicyKyvernoValidationFailureAction = "Audit" + SpecDistributionModulesPolicyKyvernoValidationFailureActionEnforce SpecDistributionModulesPolicyKyvernoValidationFailureAction = "Enforce" +) + +type SpecDistributionModulesPolicyType string + +const ( + SpecDistributionModulesPolicyTypeGatekeeper SpecDistributionModulesPolicyType = "gatekeeper" + SpecDistributionModulesPolicyTypeKyverno SpecDistributionModulesPolicyType = "kyverno" + SpecDistributionModulesPolicyTypeNone SpecDistributionModulesPolicyType = "none" +) + +// Configuration for the Tracing module. +type SpecDistributionModulesTracing struct { + // Minio corresponds to the JSON schema field "minio". + Minio *SpecDistributionModulesTracingMinio `json:"minio,omitempty" yaml:"minio,omitempty" mapstructure:"minio,omitempty"` + + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // Tempo corresponds to the JSON schema field "tempo". + Tempo *SpecDistributionModulesTracingTempo `json:"tempo,omitempty" yaml:"tempo,omitempty" mapstructure:"tempo,omitempty"` + + // The type of tracing to use, either `none` or `tempo`. 
`none` will disable the + // Tracing module and `tempo` will install a Grafana Tempo deployment. + // + // Default is `tempo`. + Type SpecDistributionModulesTracingType `json:"type" yaml:"type" mapstructure:"type"` +} + +// Configuration for Tracing's MinIO deployment. +type SpecDistributionModulesTracingMinio struct { + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // RootUser corresponds to the JSON schema field "rootUser". + RootUser *SpecDistributionModulesTracingMinioRootUser `json:"rootUser,omitempty" yaml:"rootUser,omitempty" mapstructure:"rootUser,omitempty"` + + // The PVC size for each MinIO disk, 6 disks total. + StorageSize *string `json:"storageSize,omitempty" yaml:"storageSize,omitempty" mapstructure:"storageSize,omitempty"` +} + +type SpecDistributionModulesTracingMinioRootUser struct { + // The password for the default MinIO root user. + Password *string `json:"password,omitempty" yaml:"password,omitempty" mapstructure:"password,omitempty"` + + // The username for the default MinIO root user. + Username *string `json:"username,omitempty" yaml:"username,omitempty" mapstructure:"username,omitempty"` +} + +// Configuration for the Tempo package. +type SpecDistributionModulesTracingTempo struct { + // The storage backend type for Tempo. `minio` will use an in-cluster MinIO + // deployment for object storage, `externalEndpoint` can be used to point to an + // external S3-compatible object storage instead of deploying an in-cluster MinIO. + Backend *SpecDistributionModulesTracingTempoBackend `json:"backend,omitempty" yaml:"backend,omitempty" mapstructure:"backend,omitempty"` + + // Configuration for Tempo's external storage backend. 
+ ExternalEndpoint *SpecDistributionModulesTracingTempoExternalEndpoint `json:"externalEndpoint,omitempty" yaml:"externalEndpoint,omitempty" mapstructure:"externalEndpoint,omitempty"` + + // Overrides corresponds to the JSON schema field "overrides". + Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + + // The retention time for the traces stored in Tempo. + RetentionTime *string `json:"retentionTime,omitempty" yaml:"retentionTime,omitempty" mapstructure:"retentionTime,omitempty"` +} + +type SpecDistributionModulesTracingTempoBackend string + +const ( + SpecDistributionModulesTracingTempoBackendExternalEndpoint SpecDistributionModulesTracingTempoBackend = "externalEndpoint" + SpecDistributionModulesTracingTempoBackendMinio SpecDistributionModulesTracingTempoBackend = "minio" +) + +// Configuration for Tempo's external storage backend. +type SpecDistributionModulesTracingTempoExternalEndpoint struct { + // The access key ID (username) for the external S3-compatible bucket. + AccessKeyId *string `json:"accessKeyId,omitempty" yaml:"accessKeyId,omitempty" mapstructure:"accessKeyId,omitempty"` + + // The bucket name of the external S3-compatible object storage. + BucketName *string `json:"bucketName,omitempty" yaml:"bucketName,omitempty" mapstructure:"bucketName,omitempty"` + + // The external S3-compatible endpoint for Tempo's storage. + Endpoint *string `json:"endpoint,omitempty" yaml:"endpoint,omitempty" mapstructure:"endpoint,omitempty"` + + // If true, will use HTTP as protocol instead of HTTPS. + Insecure *bool `json:"insecure,omitempty" yaml:"insecure,omitempty" mapstructure:"insecure,omitempty"` + + // The secret access key (password) for the external S3-compatible bucket. 
+ SecretAccessKey *string `json:"secretAccessKey,omitempty" yaml:"secretAccessKey,omitempty" mapstructure:"secretAccessKey,omitempty"` +} + +type SpecDistributionModulesTracingType string + +const ( + SpecDistributionModulesTracingTypeNone SpecDistributionModulesTracingType = "none" + SpecDistributionModulesTracingTypeTempo SpecDistributionModulesTracingType = "tempo" +) + +type SpecInfrastructure struct { + // Vpc corresponds to the JSON schema field "vpc". + Vpc *SpecInfrastructureVpc `json:"vpc,omitempty" yaml:"vpc,omitempty" mapstructure:"vpc,omitempty"` + + // Vpn corresponds to the JSON schema field "vpn". + Vpn *SpecInfrastructureVpn `json:"vpn,omitempty" yaml:"vpn,omitempty" mapstructure:"vpn,omitempty"` +} + +// Configuration for the VPC that will be created to host the EKS cluster and its +// related resources. If you already have a VPC that you want to use, leave this +// section empty and use `.spec.kubernetes.vpcId` instead. +type SpecInfrastructureVpc struct { + // Network corresponds to the JSON schema field "network". + Network SpecInfrastructureVpcNetwork `json:"network" yaml:"network" mapstructure:"network"` +} + +type SpecInfrastructureVpcNetwork struct { + // The network CIDR for the VPC that will be created + Cidr TypesCidr `json:"cidr" yaml:"cidr" mapstructure:"cidr"` + + // SubnetsCidrs corresponds to the JSON schema field "subnetsCidrs". + SubnetsCidrs SpecInfrastructureVpcNetworkSubnetsCidrs `json:"subnetsCidrs" yaml:"subnetsCidrs" mapstructure:"subnetsCidrs"` +} + +// Network CIDRS configuration for private and public subnets. +type SpecInfrastructureVpcNetworkSubnetsCidrs struct { + // The network CIDRs for the private subnets, where the nodes, the pods, and the + // private load balancers will be created + Private []TypesCidr `json:"private" yaml:"private" mapstructure:"private"` - // Public corresponds to the JSON schema field "public". 
- Public *SpecDistributionModulesIngressDNSPublic `json:"public,omitempty" yaml:"public,omitempty" mapstructure:"public,omitempty"` + // The network CIDRs for the public subnets, where the public load balancers and + // the VPN servers will be created + Public []TypesCidr `json:"public" yaml:"public" mapstructure:"public"` } -type SpecDistributionModulesIngressExternalDNS struct { - // PrivateIamRoleArn corresponds to the JSON schema field "privateIamRoleArn". - PrivateIamRoleArn TypesAwsArn `json:"privateIamRoleArn" yaml:"privateIamRoleArn" mapstructure:"privateIamRoleArn"` +// Configuration for the VPN server instances. +type SpecInfrastructureVpn struct { + // This value defines the prefix for the bucket name where the VPN servers will + // store their state (VPN certificates, users). + BucketNamePrefix *TypesAwsS3BucketNamePrefix `json:"bucketNamePrefix,omitempty" yaml:"bucketNamePrefix,omitempty" mapstructure:"bucketNamePrefix,omitempty"` - // PublicIamRoleArn corresponds to the JSON schema field "publicIamRoleArn". - PublicIamRoleArn TypesAwsArn `json:"publicIamRoleArn" yaml:"publicIamRoleArn" mapstructure:"publicIamRoleArn"` + // The `dhParamsBits` size used for the creation of the .pem file that will be + // used in the dh openvpn server.conf file. + DhParamsBits *int `json:"dhParamsBits,omitempty" yaml:"dhParamsBits,omitempty" mapstructure:"dhParamsBits,omitempty"` + + // The size of the disk in GB for each VPN server. Example: entering `50` will + // create disks of 50 GB. + DiskSize *int `json:"diskSize,omitempty" yaml:"diskSize,omitempty" mapstructure:"diskSize,omitempty"` + + // Overrides IAM user name for the VPN. Default is to use the cluster name. + IamUserNameOverride *TypesAwsIamRoleName `json:"iamUserNameOverride,omitempty" yaml:"iamUserNameOverride,omitempty" mapstructure:"iamUserNameOverride,omitempty"` + + // The type of the AWS EC2 instance for each VPN server. Follows AWS EC2 + // nomenclature. Example: `t3-micro`. 
+ InstanceType *string `json:"instanceType,omitempty" yaml:"instanceType,omitempty" mapstructure:"instanceType,omitempty"` + + // The number of VPN server instances to create, `0` to skip the creation. + Instances *int `json:"instances,omitempty" yaml:"instances,omitempty" mapstructure:"instances,omitempty"` + + // The username of the account to create in the bastion's operating system. + OperatorName *string `json:"operatorName,omitempty" yaml:"operatorName,omitempty" mapstructure:"operatorName,omitempty"` + + // The port where each OpenVPN server will listen for connections. + Port *TypesTcpPort `json:"port,omitempty" yaml:"port,omitempty" mapstructure:"port,omitempty"` + + // Ssh corresponds to the JSON schema field "ssh". + Ssh SpecInfrastructureVpnSsh `json:"ssh" yaml:"ssh" mapstructure:"ssh"` + + // The ID of the VPC where the VPN server instances will be created, required only + // if `.spec.infrastructure.vpc` is omitted. + VpcId *TypesAwsVpcId `json:"vpcId,omitempty" yaml:"vpcId,omitempty" mapstructure:"vpcId,omitempty"` + + // The network CIDR that will be used to assign IP addresses to the VPN clients + // when connected. + VpnClientsSubnetCidr TypesCidr `json:"vpnClientsSubnetCidr" yaml:"vpnClientsSubnetCidr" mapstructure:"vpnClientsSubnetCidr"` } -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressExternalDNS) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["privateIamRoleArn"]; !ok || v == nil { - return fmt.Errorf("field privateIamRoleArn in SpecDistributionModulesIngressExternalDNS: required") - } - if v, ok := raw["publicIamRoleArn"]; !ok || v == nil { - return fmt.Errorf("field publicIamRoleArn in SpecDistributionModulesIngressExternalDNS: required") - } - type Plain SpecDistributionModulesIngressExternalDNS - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesIngressExternalDNS(plain) - return nil +type SpecInfrastructureVpnSsh struct { + // The network CIDR enabled in the security group to access the VPN servers + // (bastions) via SSH. Setting this to `0.0.0.0/0` will allow any source. + AllowedFromCidrs []TypesCidr `json:"allowedFromCidrs" yaml:"allowedFromCidrs" mapstructure:"allowedFromCidrs"` + + // List of GitHub usernames from whom get their SSH public key and add as + // authorized keys of the `operatorName` user. + GithubUsersName []string `json:"githubUsersName" yaml:"githubUsersName" mapstructure:"githubUsersName"` + + // **NOT IN USE**, use `githubUsersName` instead. This value defines the public + // keys that will be added to the bastion's operating system. + PublicKeys []interface{} `json:"publicKeys,omitempty" yaml:"publicKeys,omitempty" mapstructure:"publicKeys,omitempty"` +} + +// Defines the Kubernetes components configuration and the values needed for the +// `kubernetes` phase of furyctl. +type SpecKubernetes struct { + // ApiServer corresponds to the JSON schema field "apiServer". + ApiServer SpecKubernetesAPIServer `json:"apiServer" yaml:"apiServer" mapstructure:"apiServer"` + + // AwsAuth corresponds to the JSON schema field "awsAuth". 
+ AwsAuth *SpecKubernetesAwsAuth `json:"awsAuth,omitempty" yaml:"awsAuth,omitempty" mapstructure:"awsAuth,omitempty"` + + // Overrides the default prefix for the IAM role name of the EKS cluster. If not + // set, a name will be generated from the cluster name. + ClusterIAMRoleNamePrefixOverride *TypesAwsIamRoleNamePrefix `json:"clusterIAMRoleNamePrefixOverride,omitempty" yaml:"clusterIAMRoleNamePrefixOverride,omitempty" mapstructure:"clusterIAMRoleNamePrefixOverride,omitempty"` + + // Optional Kubernetes Cluster log retention in CloudWatch, expressed in days. + // Setting the value to zero (`0`) makes retention last forever. Default is `90` + // days. + LogRetentionDays *SpecKubernetesLogRetentionDays `json:"logRetentionDays,omitempty" yaml:"logRetentionDays,omitempty" mapstructure:"logRetentionDays,omitempty"` + + // Optional list of Kubernetes Cluster log types to enable. Defaults to all types. + LogsTypes []SpecKubernetesLogsTypesElem `json:"logsTypes,omitempty" yaml:"logsTypes,omitempty" mapstructure:"logsTypes,omitempty"` + + // The SSH public key that can connect to the nodes via SSH using the `ec2-user` + // user. Example: the contents of your `~/.ssh/id_ras.pub` file. + NodeAllowedSshPublicKey interface{} `json:"nodeAllowedSshPublicKey" yaml:"nodeAllowedSshPublicKey" mapstructure:"nodeAllowedSshPublicKey"` + + // Global default AMI type used for EKS worker nodes. This will apply to all node + // pools unless overridden by a specific node pool. + NodePoolGlobalAmiType SpecKubernetesNodePoolGlobalAmiType `json:"nodePoolGlobalAmiType" yaml:"nodePoolGlobalAmiType" mapstructure:"nodePoolGlobalAmiType"` + + // NodePools corresponds to the JSON schema field "nodePools". + NodePools []SpecKubernetesNodePool `json:"nodePools" yaml:"nodePools" mapstructure:"nodePools"` + + // NodePoolsCommon corresponds to the JSON schema field "nodePoolsCommon". 
+ NodePoolsCommon *SpecKubernetesNodePoolsCommon `json:"nodePoolsCommon,omitempty" yaml:"nodePoolsCommon,omitempty" mapstructure:"nodePoolsCommon,omitempty"` + + // Accepted values are `launch_configurations`, `launch_templates` or `both`. For + // new clusters use `launch_templates`, for adopting an existing cluster you'll + // need to migrate from `launch_configurations` to `launch_templates` using `both` + // as interim. + NodePoolsLaunchKind SpecKubernetesNodePoolsLaunchKind `json:"nodePoolsLaunchKind" yaml:"nodePoolsLaunchKind" mapstructure:"nodePoolsLaunchKind"` + + // This value defines the network CIDR that will be used to assign IP addresses to + // Kubernetes services. + ServiceIpV4Cidr *TypesCidr `json:"serviceIpV4Cidr,omitempty" yaml:"serviceIpV4Cidr,omitempty" mapstructure:"serviceIpV4Cidr,omitempty"` + + // Required only if `.spec.infrastructure.vpc` is omitted. This value defines the + // ID of the subnet where the EKS cluster will be created. + SubnetIds []TypesAwsSubnetId `json:"subnetIds,omitempty" yaml:"subnetIds,omitempty" mapstructure:"subnetIds,omitempty"` + + // Required only if `.spec.infrastructure.vpc` is omitted. This value defines the + // ID of the VPC where the EKS cluster and its related resources will be created. + VpcId *TypesAwsVpcId `json:"vpcId,omitempty" yaml:"vpcId,omitempty" mapstructure:"vpcId,omitempty"` + + // Overrides the default prefix for the IAM role name of the EKS workers. If not + // set, a name will be generated from the cluster name. + WorkersIAMRoleNamePrefixOverride *TypesAwsIamRoleNamePrefix `json:"workersIAMRoleNamePrefixOverride,omitempty" yaml:"workersIAMRoleNamePrefixOverride,omitempty" mapstructure:"workersIAMRoleNamePrefixOverride,omitempty"` +} + +type SpecKubernetesAPIServer struct { + // This value defines if the Kubernetes API server will be accessible from the + // private subnets. Default it `true`. 
+ PrivateAccess bool `json:"privateAccess" yaml:"privateAccess" mapstructure:"privateAccess"` + + // The network CIDRs from the private subnets that will be allowed access the + // Kubernetes API server. + PrivateAccessCidrs []TypesCidr `json:"privateAccessCidrs,omitempty" yaml:"privateAccessCidrs,omitempty" mapstructure:"privateAccessCidrs,omitempty"` + + // This value defines if the Kubernetes API server will be accessible from the + // public subnets. Default is `false`. + PublicAccess bool `json:"publicAccess" yaml:"publicAccess" mapstructure:"publicAccess"` + + // The network CIDRs from the public subnets that will be allowed access the + // Kubernetes API server. + PublicAccessCidrs []TypesCidr `json:"publicAccessCidrs,omitempty" yaml:"publicAccessCidrs,omitempty" mapstructure:"publicAccessCidrs,omitempty"` +} + +// Optional additional security configuration for EKS IAM via the `aws-auth` +// configmap. +// +// Ref: https://docs.aws.amazon.com/eks/latest/userguide/auth-configmap.html +type SpecKubernetesAwsAuth struct { + // This optional array defines additional AWS accounts that will be added to the + // `aws-auth` configmap. + AdditionalAccounts []string `json:"additionalAccounts,omitempty" yaml:"additionalAccounts,omitempty" mapstructure:"additionalAccounts,omitempty"` + + // This optional array defines additional IAM roles that will be added to the + // `aws-auth` configmap. + Roles []SpecKubernetesAwsAuthRole `json:"roles,omitempty" yaml:"roles,omitempty" mapstructure:"roles,omitempty"` + + // This optional array defines additional IAM users that will be added to the + // `aws-auth` configmap. + Users []SpecKubernetesAwsAuthUser `json:"users,omitempty" yaml:"users,omitempty" mapstructure:"users,omitempty"` +} + +type SpecKubernetesAwsAuthRole struct { + // Groups corresponds to the JSON schema field "groups". + Groups []string `json:"groups" yaml:"groups" mapstructure:"groups"` + + // Rolearn corresponds to the JSON schema field "rolearn". 
+ Rolearn TypesAwsArn `json:"rolearn" yaml:"rolearn" mapstructure:"rolearn"` + + // Username corresponds to the JSON schema field "username". + Username string `json:"username" yaml:"username" mapstructure:"username"` +} + +type SpecKubernetesAwsAuthUser struct { + // Groups corresponds to the JSON schema field "groups". + Groups []string `json:"groups" yaml:"groups" mapstructure:"groups"` + + // Userarn corresponds to the JSON schema field "userarn". + Userarn TypesAwsArn `json:"userarn" yaml:"userarn" mapstructure:"userarn"` + + // Username corresponds to the JSON schema field "username". + Username string `json:"username" yaml:"username" mapstructure:"username"` +} + +type SpecKubernetesLogRetentionDays int + +type SpecKubernetesLogsTypesElem string + +const ( + SpecKubernetesLogsTypesElemApi SpecKubernetesLogsTypesElem = "api" + SpecKubernetesLogsTypesElemAudit SpecKubernetesLogsTypesElem = "audit" + SpecKubernetesLogsTypesElemAuthenticator SpecKubernetesLogsTypesElem = "authenticator" + SpecKubernetesLogsTypesElemControllerManager SpecKubernetesLogsTypesElem = "controllerManager" + SpecKubernetesLogsTypesElemScheduler SpecKubernetesLogsTypesElem = "scheduler" +) + +// Array with all the node pool definitions that will join the cluster. Each item +// is an object. +type SpecKubernetesNodePool struct { + // AdditionalFirewallRules corresponds to the JSON schema field + // "additionalFirewallRules". + AdditionalFirewallRules *SpecKubernetesNodePoolAdditionalFirewallRules `json:"additionalFirewallRules,omitempty" yaml:"additionalFirewallRules,omitempty" mapstructure:"additionalFirewallRules,omitempty"` + + // Ami corresponds to the JSON schema field "ami". + Ami *SpecKubernetesNodePoolAmi `json:"ami,omitempty" yaml:"ami,omitempty" mapstructure:"ami,omitempty"` + + // This optional array defines additional target groups to attach to the instances + // in the node pool. 
+ AttachedTargetGroups []TypesAwsArn `json:"attachedTargetGroups,omitempty" yaml:"attachedTargetGroups,omitempty" mapstructure:"attachedTargetGroups,omitempty"` + + // The container runtime to use in the nodes of the node pool. Default is + // `containerd`. + ContainerRuntime *SpecKubernetesNodePoolContainerRuntime `json:"containerRuntime,omitempty" yaml:"containerRuntime,omitempty" mapstructure:"containerRuntime,omitempty"` + + // Instance corresponds to the JSON schema field "instance". + Instance SpecKubernetesNodePoolInstance `json:"instance" yaml:"instance" mapstructure:"instance"` + + // Kubernetes labels that will be added to the nodes. + Labels TypesKubeLabels_1 `json:"labels,omitempty" yaml:"labels,omitempty" mapstructure:"labels,omitempty"` + + // The name of the node pool. + Name string `json:"name" yaml:"name" mapstructure:"name"` + + // Size corresponds to the JSON schema field "size". + Size SpecKubernetesNodePoolSize `json:"size" yaml:"size" mapstructure:"size"` + + // Optional list of subnet IDs where to create the nodes. + SubnetIds []TypesAwsSubnetId `json:"subnetIds,omitempty" yaml:"subnetIds,omitempty" mapstructure:"subnetIds,omitempty"` + + // AWS tags that will be added to the ASG and EC2 instances. + Tags TypesAwsTags `json:"tags,omitempty" yaml:"tags,omitempty" mapstructure:"tags,omitempty"` + + // Kubernetes taints that will be added to the nodes. + Taints TypesKubeTaints `json:"taints,omitempty" yaml:"taints,omitempty" mapstructure:"taints,omitempty"` + + // The type of Node Pool, can be `self-managed` for using customization like + // custom AMI, set max pods per node or `eks-managed` for using prebuilt AMIs from + // Amazon via the `ami.type` field. It is recommended to use `self-managed`. + Type SpecKubernetesNodePoolType `json:"type" yaml:"type" mapstructure:"type"` } -type SpecDistributionModulesIngressForecastle struct { - // Overrides corresponds to the JSON schema field "overrides". 
- Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` -} +type SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlock struct { + // CidrBlocks corresponds to the JSON schema field "cidrBlocks". + CidrBlocks []TypesCidr `json:"cidrBlocks" yaml:"cidrBlocks" mapstructure:"cidrBlocks"` -type SpecDistributionModulesIngressNginxTLSProvider string + // Name corresponds to the JSON schema field "name". + Name string `json:"name" yaml:"name" mapstructure:"name"` -var enumValues_SpecDistributionModulesIngressNginxTLSProvider = []interface{}{ - "certManager", - "secret", - "none", -} + // Ports corresponds to the JSON schema field "ports". + Ports SpecKubernetesNodePoolAdditionalFirewallRulePorts `json:"ports" yaml:"ports" mapstructure:"ports"` -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesIngressNginxTLSProvider) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesIngressNginxTLSProvider { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesIngressNginxTLSProvider, v) - } - *j = SpecDistributionModulesIngressNginxTLSProvider(v) - return nil + // Protocol corresponds to the JSON schema field "protocol". + Protocol TypesAwsIpProtocol `json:"protocol" yaml:"protocol" mapstructure:"protocol"` + + // Additional AWS tags for the Firewall rule. + Tags TypesAwsTags `json:"tags,omitempty" yaml:"tags,omitempty" mapstructure:"tags,omitempty"` + + // The type of the Firewall rule, can be `ingress` for incoming traffic or + // `egress` for outgoing traffic. 
+ Type SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType `json:"type" yaml:"type" mapstructure:"type"` } +type SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType string + const ( - SpecDistributionModulesIngressNginxTLSProviderCertManager SpecDistributionModulesIngressNginxTLSProvider = "certManager" - SpecDistributionModulesIngressNginxTLSProviderSecret SpecDistributionModulesIngressNginxTLSProvider = "secret" - SpecDistributionModulesIngressNginxTLSProviderNone SpecDistributionModulesIngressNginxTLSProvider = "none" + SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockTypeEgress SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType = "egress" + SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockTypeIngress SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType = "ingress" ) -// Kubernetes TLS secret for the ingresses TLS certificate. -type SpecDistributionModulesIngressNginxTLSSecret struct { - // The Certificate Authority certificate file's content. You can use the - // `"{file://}"` notation to get the content from a file. - Ca string `json:"ca" yaml:"ca" mapstructure:"ca"` - - // The certificate file's content. You can use the `"{file://}"` notation to - // get the content from a file. - Cert string `json:"cert" yaml:"cert" mapstructure:"cert"` +// Port range for the Firewall Rule. +type SpecKubernetesNodePoolAdditionalFirewallRulePorts struct { + // From corresponds to the JSON schema field "from". + From TypesTcpPort `json:"from" yaml:"from" mapstructure:"from"` - // The signing key file's content. You can use the `"{file://}"` notation to - // get the content from a file. - Key string `json:"key" yaml:"key" mapstructure:"key"` + // To corresponds to the JSON schema field "to". + To TypesTcpPort `json:"to" yaml:"to" mapstructure:"to"` } -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressNginxTLSSecret) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["ca"]; !ok || v == nil { - return fmt.Errorf("field ca in SpecDistributionModulesIngressNginxTLSSecret: required") - } - if v, ok := raw["cert"]; !ok || v == nil { - return fmt.Errorf("field cert in SpecDistributionModulesIngressNginxTLSSecret: required") - } - if v, ok := raw["key"]; !ok || v == nil { - return fmt.Errorf("field key in SpecDistributionModulesIngressNginxTLSSecret: required") - } - type Plain SpecDistributionModulesIngressNginxTLSSecret - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesIngressNginxTLSSecret(plain) - return nil -} +type SpecKubernetesNodePoolAdditionalFirewallRuleSelf struct { + // The name of the Firewall rule. + Name string `json:"name" yaml:"name" mapstructure:"name"` -type SpecDistributionModulesIngressNginxTLS struct { - // The provider of the TLS certificates for the ingresses, one of: `none`, - // `certManager`, or `secret`. - Provider SpecDistributionModulesIngressNginxTLSProvider `json:"provider" yaml:"provider" mapstructure:"provider"` + // Ports corresponds to the JSON schema field "ports". + Ports SpecKubernetesNodePoolAdditionalFirewallRulePorts `json:"ports" yaml:"ports" mapstructure:"ports"` - // Secret corresponds to the JSON schema field "secret". - Secret *SpecDistributionModulesIngressNginxTLSSecret `json:"secret,omitempty" yaml:"secret,omitempty" mapstructure:"secret,omitempty"` -} + // The protocol of the Firewall rule. + Protocol TypesAwsIpProtocol `json:"protocol" yaml:"protocol" mapstructure:"protocol"` -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressNginxTLS) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["provider"]; !ok || v == nil { - return fmt.Errorf("field provider in SpecDistributionModulesIngressNginxTLS: required") - } - type Plain SpecDistributionModulesIngressNginxTLS - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesIngressNginxTLS(plain) - return nil -} + // If `true`, the source will be the security group itself. + Self bool `json:"self" yaml:"self" mapstructure:"self"` -type SpecDistributionModulesIngressNginxType string + // Additional AWS tags for the Firewall rule. + Tags TypesAwsTags `json:"tags,omitempty" yaml:"tags,omitempty" mapstructure:"tags,omitempty"` -var enumValues_SpecDistributionModulesIngressNginxType = []interface{}{ - "none", - "single", - "dual", + // The type of the Firewall rule, can be `ingress` for incoming traffic or + // `egress` for outgoing traffic. + Type SpecKubernetesNodePoolAdditionalFirewallRuleSelfType `json:"type" yaml:"type" mapstructure:"type"` } -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressNginxType) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesIngressNginxType { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesIngressNginxType, v) - } - *j = SpecDistributionModulesIngressNginxType(v) - return nil -} +type SpecKubernetesNodePoolAdditionalFirewallRuleSelfType string const ( - SpecDistributionModulesIngressNginxTypeNone SpecDistributionModulesIngressNginxType = "none" - SpecDistributionModulesIngressNginxTypeSingle SpecDistributionModulesIngressNginxType = "single" - SpecDistributionModulesIngressNginxTypeDual SpecDistributionModulesIngressNginxType = "dual" + SpecKubernetesNodePoolAdditionalFirewallRuleSelfTypeEgress SpecKubernetesNodePoolAdditionalFirewallRuleSelfType = "egress" + SpecKubernetesNodePoolAdditionalFirewallRuleSelfTypeIngress SpecKubernetesNodePoolAdditionalFirewallRuleSelfType = "ingress" ) -type SpecDistributionModulesIngressNginx struct { - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // Tls corresponds to the JSON schema field "tls". - Tls *SpecDistributionModulesIngressNginxTLS `json:"tls,omitempty" yaml:"tls,omitempty" mapstructure:"tls,omitempty"` - - // The type of the Ingress nginx controller, options are: - // - `none`: no ingress controller will be installed and no infrastructural - // ingresses will be created. - // - `single`: a single ingress controller with ingress class `nginx` will be - // installed to manage all the ingress resources, infrastructural ingresses will - // be created. 
- // - `dual`: two independent ingress controllers will be installed, one for the - // `internal` ingress class intended for private ingresses and one for the - // `external` ingress class intended for public ingresses. KFD infrastructural - // ingresses wil use the `internal` ingress class when using the dual type. - // - // Default is `single`. - Type SpecDistributionModulesIngressNginxType `json:"type" yaml:"type" mapstructure:"type"` -} +type SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId struct { + // The name for the additional Firewall rule Security Group. + Name string `json:"name" yaml:"name" mapstructure:"name"` -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesIngressNginx) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesIngressNginx: required") - } - type Plain SpecDistributionModulesIngressNginx - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesIngressNginx(plain) - return nil -} + // Ports corresponds to the JSON schema field "ports". + Ports SpecKubernetesNodePoolAdditionalFirewallRulePorts `json:"ports" yaml:"ports" mapstructure:"ports"` -type SpecDistributionModulesIngressOverridesIngresses struct { - // Forecastle corresponds to the JSON schema field "forecastle". - Forecastle *TypesFuryModuleOverridesIngress `json:"forecastle,omitempty" yaml:"forecastle,omitempty" mapstructure:"forecastle,omitempty"` -} + // The protocol of the Firewall rule. + Protocol TypesAwsIpProtocol `json:"protocol" yaml:"protocol" mapstructure:"protocol"` -// Override the common configuration with a particular configuration for the -// Ingress module. -type SpecDistributionModulesIngressOverrides struct { - // Ingresses corresponds to the JSON schema field "ingresses". 
- Ingresses *SpecDistributionModulesIngressOverridesIngresses `json:"ingresses,omitempty" yaml:"ingresses,omitempty" mapstructure:"ingresses,omitempty"` + // The source security group ID. + SourceSecurityGroupId string `json:"sourceSecurityGroupId" yaml:"sourceSecurityGroupId" mapstructure:"sourceSecurityGroupId"` - // Set to override the node selector used to place the pods of the Ingress module. - NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` + // Additional AWS tags for the Firewall rule. + Tags TypesAwsTags `json:"tags,omitempty" yaml:"tags,omitempty" mapstructure:"tags,omitempty"` - // Set to override the tolerations that will be added to the pods of the Ingress - // module. - Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` + // The type of the Firewall rule, can be `ingress` for incoming traffic or + // `egress` for outgoing traffic. + Type SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType `json:"type" yaml:"type" mapstructure:"type"` } -type SpecDistributionModulesIngress struct { - // The base domain used for all the KFD infrastructural ingresses. If in the nginx - // `dual` configuration type, this value should be the same as the - // `.spec.distribution.modules.ingress.dns.private.name` zone. - BaseDomain string `json:"baseDomain" yaml:"baseDomain" mapstructure:"baseDomain"` - - // Configuration for the cert-manager package. Required even if - // `ingress.nginx.type` is `none`, cert-manager is used for managing other - // certificates in the cluster besides the TLS termination certificates for the - // ingresses. - CertManager SpecDistributionModulesIngressCertManager `json:"certManager" yaml:"certManager" mapstructure:"certManager"` - - // Dns corresponds to the JSON schema field "dns". 
- Dns *SpecDistributionModulesIngressDNS `json:"dns,omitempty" yaml:"dns,omitempty" mapstructure:"dns,omitempty"` +type SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType string - // ExternalDns corresponds to the JSON schema field "externalDns". - ExternalDns SpecDistributionModulesIngressExternalDNS `json:"externalDns" yaml:"externalDns" mapstructure:"externalDns"` +const ( + SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdTypeEgress SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType = "egress" + SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdTypeIngress SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType = "ingress" +) - // Forecastle corresponds to the JSON schema field "forecastle". - Forecastle *SpecDistributionModulesIngressForecastle `json:"forecastle,omitempty" yaml:"forecastle,omitempty" mapstructure:"forecastle,omitempty"` +// Optional additional firewall rules that will be attached to the nodes. +type SpecKubernetesNodePoolAdditionalFirewallRules struct { + // The CIDR blocks objects definition for the Firewall rule. + CidrBlocks []SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlock `json:"cidrBlocks,omitempty" yaml:"cidrBlocks,omitempty" mapstructure:"cidrBlocks,omitempty"` - // Configurations for the Ingress nginx controller package. - Nginx SpecDistributionModulesIngressNginx `json:"nginx" yaml:"nginx" mapstructure:"nginx"` + // The `self` objects definition for the Firewall rule. + Self []SpecKubernetesNodePoolAdditionalFirewallRuleSelf `json:"self,omitempty" yaml:"self,omitempty" mapstructure:"self,omitempty"` - // Overrides corresponds to the JSON schema field "overrides". - Overrides *SpecDistributionModulesIngressOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` + // The Source Security Group ID objects definition for the Firewall rule. 
+ SourceSecurityGroupId []SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId `json:"sourceSecurityGroupId,omitempty" yaml:"sourceSecurityGroupId,omitempty" mapstructure:"sourceSecurityGroupId,omitempty"` } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesIngress) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesAuthProvider) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["baseDomain"]; !ok || v == nil { - return fmt.Errorf("field baseDomain in SpecDistributionModulesIngress: required") - } - if v, ok := raw["certManager"]; !ok || v == nil { - return fmt.Errorf("field certManager in SpecDistributionModulesIngress: required") - } - if v, ok := raw["externalDns"]; !ok || v == nil { - return fmt.Errorf("field externalDns in SpecDistributionModulesIngress: required") - } - if v, ok := raw["nginx"]; !ok || v == nil { - return fmt.Errorf("field nginx in SpecDistributionModulesIngress: required") + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecDistributionModulesAuthProvider: required") } - type Plain SpecDistributionModulesIngress + type Plain SpecDistributionModulesAuthProvider var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesIngress(plain) + *j = SpecDistributionModulesAuthProvider(plain) return nil } -// DEPRECATED since KFD v1.26.6, 1.27.5, v1.28.0. -type SpecDistributionModulesLoggingCerebro struct { - // Overrides corresponds to the JSON schema field "overrides". 
- Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` -} - -// When using the `customOutputs` logging type, you need to manually specify the -// spec of the several `Output` and `ClusterOutputs` that the Logging Operator -// expects to forward the logs collected by the pre-defined flows. -type SpecDistributionModulesLoggingCustomOutputs struct { - // This value defines where the output from the `audit` Flow will be sent. This - // will be the `spec` section of the `Output` object. It must be a string (and not - // a YAML object) following the OutputSpec definition. Use the `nullout` output to - // discard the flow: `nullout: {}` - Audit string `json:"audit" yaml:"audit" mapstructure:"audit"` - - // This value defines where the output from the `errors` Flow will be sent. This - // will be the `spec` section of the `Output` object. It must be a string (and not - // a YAML object) following the OutputSpec definition. Use the `nullout` output to - // discard the flow: `nullout: {}` - Errors string `json:"errors" yaml:"errors" mapstructure:"errors"` - - // This value defines where the output from the `events` Flow will be sent. This - // will be the `spec` section of the `Output` object. It must be a string (and not - // a YAML object) following the OutputSpec definition. Use the `nullout` output to - // discard the flow: `nullout: {}` - Events string `json:"events" yaml:"events" mapstructure:"events"` - - // This value defines where the output from the `infra` Flow will be sent. This - // will be the `spec` section of the `Output` object. It must be a string (and not - // a YAML object) following the OutputSpec definition. Use the `nullout` output to - // discard the flow: `nullout: {}` - Infra string `json:"infra" yaml:"infra" mapstructure:"infra"` - - // This value defines where the output from the `ingressNginx` Flow will be sent. 
- // This will be the `spec` section of the `Output` object. It must be a string - // (and not a YAML object) following the OutputSpec definition. Use the `nullout` - // output to discard the flow: `nullout: {}` - IngressNginx string `json:"ingressNginx" yaml:"ingressNginx" mapstructure:"ingressNginx"` - - // This value defines where the output from the `kubernetes` Flow will be sent. - // This will be the `spec` section of the `Output` object. It must be a string - // (and not a YAML object) following the OutputSpec definition. Use the `nullout` - // output to discard the flow: `nullout: {}` - Kubernetes string `json:"kubernetes" yaml:"kubernetes" mapstructure:"kubernetes"` - - // This value defines where the output from the `systemdCommon` Flow will be sent. - // This will be the `spec` section of the `Output` object. It must be a string - // (and not a YAML object) following the OutputSpec definition. Use the `nullout` - // output to discard the flow: `nullout: {}` - SystemdCommon string `json:"systemdCommon" yaml:"systemdCommon" mapstructure:"systemdCommon"` - - // This value defines where the output from the `systemdEtcd` Flow will be sent. - // This will be the `spec` section of the `Output` object. It must be a string - // (and not a YAML object) following the OutputSpec definition. Use the `nullout` - // output to discard the flow: `nullout: {}` - SystemdEtcd string `json:"systemdEtcd" yaml:"systemdEtcd" mapstructure:"systemdEtcd"` +var enumValues_SpecDistributionModulesLoggingType = []interface{}{ + "none", + "opensearch", + "loki", + "customOutputs", } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesLoggingCustomOutputs) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesLoggingOpensearch) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["audit"]; !ok || v == nil { - return fmt.Errorf("field audit in SpecDistributionModulesLoggingCustomOutputs: required") - } - if v, ok := raw["errors"]; !ok || v == nil { - return fmt.Errorf("field errors in SpecDistributionModulesLoggingCustomOutputs: required") - } - if v, ok := raw["events"]; !ok || v == nil { - return fmt.Errorf("field events in SpecDistributionModulesLoggingCustomOutputs: required") - } - if v, ok := raw["infra"]; !ok || v == nil { - return fmt.Errorf("field infra in SpecDistributionModulesLoggingCustomOutputs: required") - } - if v, ok := raw["ingressNginx"]; !ok || v == nil { - return fmt.Errorf("field ingressNginx in SpecDistributionModulesLoggingCustomOutputs: required") + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecDistributionModulesLoggingOpensearch: required") } - if v, ok := raw["kubernetes"]; !ok || v == nil { - return fmt.Errorf("field kubernetes in SpecDistributionModulesLoggingCustomOutputs: required") + type Plain SpecDistributionModulesLoggingOpensearch + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err } - if v, ok := raw["systemdCommon"]; !ok || v == nil { - return fmt.Errorf("field systemdCommon in SpecDistributionModulesLoggingCustomOutputs: required") + *j = SpecDistributionModulesLoggingOpensearch(plain) + return nil +} + +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesLogging) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err } - if v, ok := raw["systemdEtcd"]; !ok || v == nil { - return fmt.Errorf("field systemdEtcd in SpecDistributionModulesLoggingCustomOutputs: required") + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecDistributionModulesLogging: required") } - type Plain SpecDistributionModulesLoggingCustomOutputs + type Plain SpecDistributionModulesLogging var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesLoggingCustomOutputs(plain) + *j = SpecDistributionModulesLogging(plain) return nil } -type SpecDistributionModulesLoggingLokiBackend string - -var enumValues_SpecDistributionModulesLoggingLokiBackend = []interface{}{ - "minio", - "externalEndpoint", -} - // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesLoggingLokiBackend) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesLoggingOpensearchType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesLoggingLokiBackend { + for _, expected := range enumValues_SpecDistributionModulesLoggingOpensearchType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesLoggingLokiBackend, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesLoggingOpensearchType, v) } - *j = SpecDistributionModulesLoggingLokiBackend(v) + *j = SpecDistributionModulesLoggingOpensearchType(v) return nil } -const ( - SpecDistributionModulesLoggingLokiBackendMinio SpecDistributionModulesLoggingLokiBackend = "minio" - SpecDistributionModulesLoggingLokiBackendExternalEndpoint 
SpecDistributionModulesLoggingLokiBackend = "externalEndpoint" -) - -// Configuration for Loki's external storage backend. -type SpecDistributionModulesLoggingLokiExternalEndpoint struct { - // The access key ID (username) for the external S3-compatible bucket. - AccessKeyId *string `json:"accessKeyId,omitempty" yaml:"accessKeyId,omitempty" mapstructure:"accessKeyId,omitempty"` - - // The bucket name of the external S3-compatible object storage. - BucketName *string `json:"bucketName,omitempty" yaml:"bucketName,omitempty" mapstructure:"bucketName,omitempty"` - - // External S3-compatible endpoint for Loki's storage. - Endpoint *string `json:"endpoint,omitempty" yaml:"endpoint,omitempty" mapstructure:"endpoint,omitempty"` - - // If true, will use HTTP as protocol instead of HTTPS. - Insecure *bool `json:"insecure,omitempty" yaml:"insecure,omitempty" mapstructure:"insecure,omitempty"` - - // The secret access key (password) for the external S3-compatible bucket. - SecretAccessKey *string `json:"secretAccessKey,omitempty" yaml:"secretAccessKey,omitempty" mapstructure:"secretAccessKey,omitempty"` -} - -type TypesKubeResourcesLimits struct { - // The CPU limit for the Pod. Example: `1000m`. - Cpu *string `json:"cpu,omitempty" yaml:"cpu,omitempty" mapstructure:"cpu,omitempty"` - - // The memory limit for the Pod. Example: `1G`. - Memory *string `json:"memory,omitempty" yaml:"memory,omitempty" mapstructure:"memory,omitempty"` -} - -type TypesKubeResourcesRequests struct { - // The CPU request for the Pod, in cores. Example: `500m`. - Cpu *string `json:"cpu,omitempty" yaml:"cpu,omitempty" mapstructure:"cpu,omitempty"` - - // The memory request for the Pod. Example: `500M`. - Memory *string `json:"memory,omitempty" yaml:"memory,omitempty" mapstructure:"memory,omitempty"` -} - -type TypesKubeResources struct { - // Limits corresponds to the JSON schema field "limits". 
- Limits *TypesKubeResourcesLimits `json:"limits,omitempty" yaml:"limits,omitempty" mapstructure:"limits,omitempty"` - - // Requests corresponds to the JSON schema field "requests". - Requests *TypesKubeResourcesRequests `json:"requests,omitempty" yaml:"requests,omitempty" mapstructure:"requests,omitempty"` -} - -// Configuration for the Loki package. -type SpecDistributionModulesLoggingLoki struct { - // The storage backend type for Loki. `minio` will use an in-cluster MinIO - // deployment for object storage, `externalEndpoint` can be used to point to an - // external object storage instead of deploying an in-cluster MinIO. - Backend *SpecDistributionModulesLoggingLokiBackend `json:"backend,omitempty" yaml:"backend,omitempty" mapstructure:"backend,omitempty"` - - // Configuration for Loki's external storage backend. - ExternalEndpoint *SpecDistributionModulesLoggingLokiExternalEndpoint `json:"externalEndpoint,omitempty" yaml:"externalEndpoint,omitempty" mapstructure:"externalEndpoint,omitempty"` - - // Resources corresponds to the JSON schema field "resources". - Resources *TypesKubeResources `json:"resources,omitempty" yaml:"resources,omitempty" mapstructure:"resources,omitempty"` - - // Starting from versions 1.28.4, 1.29.5 and 1.30.0 of KFD, Loki will change the - // time series database from BoltDB to TSDB and the schema from v11 to v13 that it - // uses to store the logs. - // - // The value of this field will determine the date when Loki will start writing - // using the new TSDB and the schema v13, always at midnight UTC. The old BoltDB - // and schema will be kept until they expire for reading purposes. - // - // Value must be a string in `ISO 8601` date format (`yyyy-mm-dd`). Example: - // `2024-11-18`. 
- TsdbStartDate types.SerializableDate `json:"tsdbStartDate" yaml:"tsdbStartDate" mapstructure:"tsdbStartDate"` +var enumValues_SpecDistributionModulesLoggingOpensearchType = []interface{}{ + "single", + "triple", } // UnmarshalJSON implements json.Unmarshaler. 
@@ -1880,384 +1980,440 @@ func (j *SpecDistributionModulesLoggingLoki) UnmarshalJSON(b []byte) error { return nil } -type SpecDistributionModulesLoggingMinioRootUser struct { - // The password for the default MinIO root user. - Password *string `json:"password,omitempty" yaml:"password,omitempty" mapstructure:"password,omitempty"` +type TypesKubeResources struct { + // Limits corresponds to the JSON schema field "limits". + Limits *TypesKubeResourcesLimits `json:"limits,omitempty" yaml:"limits,omitempty" mapstructure:"limits,omitempty"` - // The username for the default MinIO root user. - Username *string `json:"username,omitempty" yaml:"username,omitempty" mapstructure:"username,omitempty"` + // Requests corresponds to the JSON schema field "requests". + Requests *TypesKubeResourcesRequests `json:"requests,omitempty" yaml:"requests,omitempty" mapstructure:"requests,omitempty"` } -// Configuration for Logging's MinIO deployment. -type SpecDistributionModulesLoggingMinio struct { - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +type TypesKubeResourcesRequests struct { + // The CPU request for the Pod, in cores. Example: `500m`. + Cpu *string `json:"cpu,omitempty" yaml:"cpu,omitempty" mapstructure:"cpu,omitempty"` - // RootUser corresponds to the JSON schema field "rootUser". - RootUser *SpecDistributionModulesLoggingMinioRootUser `json:"rootUser,omitempty" yaml:"rootUser,omitempty" mapstructure:"rootUser,omitempty"` + // The memory request for the Pod. Example: `500M`. + Memory *string `json:"memory,omitempty" yaml:"memory,omitempty" mapstructure:"memory,omitempty"` +} - // The PVC size for each MinIO disk, 6 disks total. 
- StorageSize *string `json:"storageSize,omitempty" yaml:"storageSize,omitempty" mapstructure:"storageSize,omitempty"` +var enumValues_SpecDistributionModulesMonitoringMimirBackend = []interface{}{ + "minio", + "externalEndpoint", +} + +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesMonitoringMimirBackend) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_SpecDistributionModulesMonitoringMimirBackend { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesMonitoringMimirBackend, v) + } + *j = SpecDistributionModulesMonitoringMimirBackend(v) + return nil } -type SpecDistributionModulesLoggingOpensearchType string +type TypesKubeResourcesLimits struct { + // The CPU limit for the Pod. Example: `1000m`. + Cpu *string `json:"cpu,omitempty" yaml:"cpu,omitempty" mapstructure:"cpu,omitempty"` -var enumValues_SpecDistributionModulesLoggingOpensearchType = []interface{}{ - "single", - "triple", + // The memory limit for the Pod. Example: `1G`. + Memory *string `json:"memory,omitempty" yaml:"memory,omitempty" mapstructure:"memory,omitempty"` } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesLoggingOpensearchType) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesLoggingLokiBackend) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesLoggingOpensearchType { + for _, expected := range enumValues_SpecDistributionModulesLoggingLokiBackend { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesLoggingOpensearchType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesLoggingLokiBackend, v) } - *j = SpecDistributionModulesLoggingOpensearchType(v) + *j = SpecDistributionModulesLoggingLokiBackend(v) return nil } -const ( - SpecDistributionModulesLoggingOpensearchTypeSingle SpecDistributionModulesLoggingOpensearchType = "single" - SpecDistributionModulesLoggingOpensearchTypeTriple SpecDistributionModulesLoggingOpensearchType = "triple" -) - -type SpecDistributionModulesLoggingOpensearch struct { - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // Resources corresponds to the JSON schema field "resources". - Resources *TypesKubeResources `json:"resources,omitempty" yaml:"resources,omitempty" mapstructure:"resources,omitempty"` - - // The storage size for the OpenSearch volumes. Follows Kubernetes resources - // storage requests. Default is `150Gi`. - StorageSize *string `json:"storageSize,omitempty" yaml:"storageSize,omitempty" mapstructure:"storageSize,omitempty"` - - // The type of OpenSearch deployment. One of: `single` for a single replica or - // `triple` for an HA 3-replicas deployment. 
- Type SpecDistributionModulesLoggingOpensearchType `json:"type" yaml:"type" mapstructure:"type"` +var enumValues_SpecDistributionModulesLoggingLokiBackend = []interface{}{ + "minio", + "externalEndpoint", } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesLoggingOpensearch) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesLoggingCustomOutputs) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesLoggingOpensearch: required") + if v, ok := raw["audit"]; !ok || v == nil { + return fmt.Errorf("field audit in SpecDistributionModulesLoggingCustomOutputs: required") } - type Plain SpecDistributionModulesLoggingOpensearch + if v, ok := raw["errors"]; !ok || v == nil { + return fmt.Errorf("field errors in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["events"]; !ok || v == nil { + return fmt.Errorf("field events in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["infra"]; !ok || v == nil { + return fmt.Errorf("field infra in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["ingressNginx"]; !ok || v == nil { + return fmt.Errorf("field ingressNginx in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["kubernetes"]; !ok || v == nil { + return fmt.Errorf("field kubernetes in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["systemdCommon"]; !ok || v == nil { + return fmt.Errorf("field systemdCommon in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["systemdEtcd"]; !ok || v == nil { + return fmt.Errorf("field systemdEtcd in SpecDistributionModulesLoggingCustomOutputs: required") + } + type Plain SpecDistributionModulesLoggingCustomOutputs var plain Plain if err := json.Unmarshal(b, 
&plain); err != nil { return err } - *j = SpecDistributionModulesLoggingOpensearch(plain) + *j = SpecDistributionModulesLoggingCustomOutputs(plain) return nil } -// Configuration for the Logging Operator. -type SpecDistributionModulesLoggingOperator struct { - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` -} - -type SpecDistributionModulesLoggingType string - -var enumValues_SpecDistributionModulesLoggingType = []interface{}{ - "none", - "opensearch", - "loki", - "customOutputs", -} - -const ( - SpecDistributionModulesMonitoringTypeNone SpecDistributionModulesMonitoringType = "none" - SpecDistributionModulesLoggingTypeNone SpecDistributionModulesLoggingType = "none" - SpecDistributionModulesLoggingTypeOpensearch SpecDistributionModulesLoggingType = "opensearch" - SpecDistributionModulesLoggingTypeLoki SpecDistributionModulesLoggingType = "loki" - SpecDistributionModulesLoggingTypeCustomOutputs SpecDistributionModulesLoggingType = "customOutputs" -) - -// Configuration for the Logging module. -type SpecDistributionModulesLogging struct { - // Cerebro corresponds to the JSON schema field "cerebro". - Cerebro *SpecDistributionModulesLoggingCerebro `json:"cerebro,omitempty" yaml:"cerebro,omitempty" mapstructure:"cerebro,omitempty"` - - // CustomOutputs corresponds to the JSON schema field "customOutputs". - CustomOutputs *SpecDistributionModulesLoggingCustomOutputs `json:"customOutputs,omitempty" yaml:"customOutputs,omitempty" mapstructure:"customOutputs,omitempty"` - - // Loki corresponds to the JSON schema field "loki". - Loki *SpecDistributionModulesLoggingLoki `json:"loki,omitempty" yaml:"loki,omitempty" mapstructure:"loki,omitempty"` - - // Minio corresponds to the JSON schema field "minio". 
- Minio *SpecDistributionModulesLoggingMinio `json:"minio,omitempty" yaml:"minio,omitempty" mapstructure:"minio,omitempty"` - - // Opensearch corresponds to the JSON schema field "opensearch". - Opensearch *SpecDistributionModulesLoggingOpensearch `json:"opensearch,omitempty" yaml:"opensearch,omitempty" mapstructure:"opensearch,omitempty"` - - // Operator corresponds to the JSON schema field "operator". - Operator *SpecDistributionModulesLoggingOperator `json:"operator,omitempty" yaml:"operator,omitempty" mapstructure:"operator,omitempty"` - - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // Selects the logging stack. Options are: - // - `none`: will disable the centralized logging. - // - `opensearch`: will deploy and configure the Logging Operator and an - // OpenSearch cluster (can be single or triple for HA) where the logs will be - // stored. - // - `loki`: will use a distributed Grafana Loki instead of OpenSearch for - // storage. - // - `customOuputs`: the Logging Operator will be deployed and installed but - // without in-cluster storage, you will have to create the needed Outputs and - // ClusterOutputs to ship the logs to your desired storage. - // - // Default is `opensearch`. - Type SpecDistributionModulesLoggingType `json:"type" yaml:"type" mapstructure:"type"` +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesIngress) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["baseDomain"]; !ok || v == nil { + return fmt.Errorf("field baseDomain in SpecDistributionModulesIngress: required") + } + if v, ok := raw["certManager"]; !ok || v == nil { + return fmt.Errorf("field certManager in SpecDistributionModulesIngress: required") + } + if v, ok := raw["externalDns"]; !ok || v == nil { + return fmt.Errorf("field externalDns in SpecDistributionModulesIngress: required") + } + if v, ok := raw["nginx"]; !ok || v == nil { + return fmt.Errorf("field nginx in SpecDistributionModulesIngress: required") + } + type Plain SpecDistributionModulesIngress + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesIngress(plain) + return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesLogging) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesIngressNginx) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesLogging: required") + return fmt.Errorf("field type in SpecDistributionModulesIngressNginx: required") } - type Plain SpecDistributionModulesLogging + type Plain SpecDistributionModulesIngressNginx var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesLogging(plain) + *j = SpecDistributionModulesIngressNginx(plain) return nil } -type SpecDistributionModulesMonitoringAlertManager struct { - // The webhook URL to send dead man's switch monitoring, for example to use with - // healthchecks.io. 
- DeadManSwitchWebhookUrl *string `json:"deadManSwitchWebhookUrl,omitempty" yaml:"deadManSwitchWebhookUrl,omitempty" mapstructure:"deadManSwitchWebhookUrl,omitempty"` - - // Set to false to avoid installing the Prometheus rules (alerts) included with - // the distribution. - InstallDefaultRules *bool `json:"installDefaultRules,omitempty" yaml:"installDefaultRules,omitempty" mapstructure:"installDefaultRules,omitempty"` - - // The Slack webhook URL where to send the infrastructural and workload alerts to. - SlackWebhookUrl *string `json:"slackWebhookUrl,omitempty" yaml:"slackWebhookUrl,omitempty" mapstructure:"slackWebhookUrl,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesIngressNginxType) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_SpecDistributionModulesIngressNginxType { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesIngressNginxType, v) + } + *j = SpecDistributionModulesIngressNginxType(v) + return nil } -type SpecDistributionModulesMonitoringBlackboxExporter struct { - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +var enumValues_SpecDistributionModulesIngressNginxType = []interface{}{ + "none", + "single", + "dual", } -type SpecDistributionModulesMonitoringGrafana struct { - // Setting this to true will deploy an additional `grafana-basic-auth` ingress - // protected with Grafana's basic auth instead of SSO. It's intended use is as a - // temporary ingress for when there are problems with the SSO login flow. - // - // Notice that by default anonymous access is enabled. 
- BasicAuthIngress *bool `json:"basicAuthIngress,omitempty" yaml:"basicAuthIngress,omitempty" mapstructure:"basicAuthIngress,omitempty"` - - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesIngressNginxTLS) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["provider"]; !ok || v == nil { + return fmt.Errorf("field provider in SpecDistributionModulesIngressNginxTLS: required") + } + type Plain SpecDistributionModulesIngressNginxTLS + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesIngressNginxTLS(plain) + return nil +} - // [JMESPath](http://jmespath.org/examples.html) expression to retrieve the user's - // role. Example: - // - // ```yaml - // usersRoleAttributePath: "contains(groups[*], 'beta') && 'Admin' || - // contains(groups[*], 'gamma') && 'Editor' || contains(groups[*], 'delta') && - // 'Viewer' - // ``` - // - // More details in [Grafana's - // documentation](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/generic-oauth/#configure-role-mapping). - UsersRoleAttributePath *string `json:"usersRoleAttributePath,omitempty" yaml:"usersRoleAttributePath,omitempty" mapstructure:"usersRoleAttributePath,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesIngressNginxTLSSecret) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["ca"]; !ok || v == nil { + return fmt.Errorf("field ca in SpecDistributionModulesIngressNginxTLSSecret: required") + } + if v, ok := raw["cert"]; !ok || v == nil { + return fmt.Errorf("field cert in SpecDistributionModulesIngressNginxTLSSecret: required") + } + if v, ok := raw["key"]; !ok || v == nil { + return fmt.Errorf("field key in SpecDistributionModulesIngressNginxTLSSecret: required") + } + type Plain SpecDistributionModulesIngressNginxTLSSecret + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesIngressNginxTLSSecret(plain) + return nil } -type SpecDistributionModulesMonitoringKubeStateMetrics struct { - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesIngressNginxTLSProvider) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_SpecDistributionModulesIngressNginxTLSProvider { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesIngressNginxTLSProvider, v) + } + *j = SpecDistributionModulesIngressNginxTLSProvider(v) + return nil } -type SpecDistributionModulesMonitoringMimirBackend string - -var enumValues_SpecDistributionModulesMonitoringMimirBackend = []interface{}{ - "minio", - "externalEndpoint", +var enumValues_SpecDistributionModulesMonitoringType = []interface{}{ + "none", + "prometheus", + "prometheusAgent", + "mimir", } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesMonitoringMimirBackend) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesMonitoringType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesMonitoringMimirBackend { + for _, expected := range enumValues_SpecDistributionModulesMonitoringType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesMonitoringMimirBackend, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesMonitoringType, v) } - *j = SpecDistributionModulesMonitoringMimirBackend(v) + *j = SpecDistributionModulesMonitoringType(v) return nil } -const ( - SpecDistributionModulesMonitoringMimirBackendMinio SpecDistributionModulesMonitoringMimirBackend = "minio" - SpecDistributionModulesMonitoringMimirBackendExternalEndpoint SpecDistributionModulesMonitoringMimirBackend = "externalEndpoint" -) - 
-// Configuration for Mimir's external storage backend. -type SpecDistributionModulesMonitoringMimirExternalEndpoint struct { - // The access key ID (username) for the external S3-compatible bucket. - AccessKeyId *string `json:"accessKeyId,omitempty" yaml:"accessKeyId,omitempty" mapstructure:"accessKeyId,omitempty"` - - // The bucket name of the external S3-compatible object storage. - BucketName *string `json:"bucketName,omitempty" yaml:"bucketName,omitempty" mapstructure:"bucketName,omitempty"` - - // The external S3-compatible endpoint for Mimir's storage. - Endpoint *string `json:"endpoint,omitempty" yaml:"endpoint,omitempty" mapstructure:"endpoint,omitempty"` - - // If true, will use HTTP as protocol instead of HTTPS. - Insecure *bool `json:"insecure,omitempty" yaml:"insecure,omitempty" mapstructure:"insecure,omitempty"` - - // The secret access key (password) for the external S3-compatible bucket. - SecretAccessKey *string `json:"secretAccessKey,omitempty" yaml:"secretAccessKey,omitempty" mapstructure:"secretAccessKey,omitempty"` -} - -// Configuration for the Mimir package. -type SpecDistributionModulesMonitoringMimir struct { - // The storage backend type for Mimir. `minio` will use an in-cluster MinIO - // deployment for object storage, `externalEndpoint` can be used to point to an - // external S3-compatible object storage instead of deploying an in-cluster MinIO. - Backend *SpecDistributionModulesMonitoringMimirBackend `json:"backend,omitempty" yaml:"backend,omitempty" mapstructure:"backend,omitempty"` - - // Configuration for Mimir's external storage backend. - ExternalEndpoint *SpecDistributionModulesMonitoringMimirExternalEndpoint `json:"externalEndpoint,omitempty" yaml:"externalEndpoint,omitempty" mapstructure:"externalEndpoint,omitempty"` - - // Overrides corresponds to the JSON schema field "overrides". 
- Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // The retention time for the logs stored in Mimir. Default is `30d`. Value must - // match the regular expression `[0-9]+(ns|us|µs|ms|s|m|h|d|w|y)` where y = 365 - // days. - RetentionTime *string `json:"retentionTime,omitempty" yaml:"retentionTime,omitempty" mapstructure:"retentionTime,omitempty"` +var enumValues_SpecDistributionModulesIngressNginxTLSProvider = []interface{}{ + "certManager", + "secret", + "none", } -type SpecDistributionModulesMonitoringMinioRootUser struct { - // The password for the default MinIO root user. - Password *string `json:"password,omitempty" yaml:"password,omitempty" mapstructure:"password,omitempty"` - - // The username for the default MinIO root user. - Username *string `json:"username,omitempty" yaml:"username,omitempty" mapstructure:"username,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesIngressExternalDNS) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["privateIamRoleArn"]; !ok || v == nil { + return fmt.Errorf("field privateIamRoleArn in SpecDistributionModulesIngressExternalDNS: required") + } + if v, ok := raw["publicIamRoleArn"]; !ok || v == nil { + return fmt.Errorf("field publicIamRoleArn in SpecDistributionModulesIngressExternalDNS: required") + } + type Plain SpecDistributionModulesIngressExternalDNS + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesIngressExternalDNS(plain) + return nil } -// Configuration for Monitoring's MinIO deployment. -type SpecDistributionModulesMonitoringMinio struct { - // Overrides corresponds to the JSON schema field "overrides". 
- Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // RootUser corresponds to the JSON schema field "rootUser". - RootUser *SpecDistributionModulesMonitoringMinioRootUser `json:"rootUser,omitempty" yaml:"rootUser,omitempty" mapstructure:"rootUser,omitempty"` - - // The PVC size for each MinIO disk, 6 disks total. - StorageSize *string `json:"storageSize,omitempty" yaml:"storageSize,omitempty" mapstructure:"storageSize,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesIngressDNSPublic) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["create"]; !ok || v == nil { + return fmt.Errorf("field create in SpecDistributionModulesIngressDNSPublic: required") + } + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecDistributionModulesIngressDNSPublic: required") + } + type Plain SpecDistributionModulesIngressDNSPublic + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesIngressDNSPublic(plain) + return nil } -type SpecDistributionModulesMonitoringPrometheusRemoteWriteElem map[string]interface{} - -type SpecDistributionModulesMonitoringPrometheus struct { - // Set this option to ship the collected metrics to a remote Prometheus receiver. - // - // `remoteWrite` is an array of objects that allows configuring the - // [remoteWrite](https://prometheus.io/docs/specs/remote_write_spec/) options for - // Prometheus. The objects in the array follow [the same schema as in the - // prometheus - // operator](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.RemoteWriteSpec). 
- RemoteWrite []SpecDistributionModulesMonitoringPrometheusRemoteWriteElem `json:"remoteWrite,omitempty" yaml:"remoteWrite,omitempty" mapstructure:"remoteWrite,omitempty"` - - // Resources corresponds to the JSON schema field "resources". - Resources *TypesKubeResources `json:"resources,omitempty" yaml:"resources,omitempty" mapstructure:"resources,omitempty"` - - // The retention size for the `k8s` Prometheus instance. - RetentionSize *string `json:"retentionSize,omitempty" yaml:"retentionSize,omitempty" mapstructure:"retentionSize,omitempty"` - - // The retention time for the `k8s` Prometheus instance. - RetentionTime *string `json:"retentionTime,omitempty" yaml:"retentionTime,omitempty" mapstructure:"retentionTime,omitempty"` - - // The storage size for the `k8s` Prometheus instance. - StorageSize *string `json:"storageSize,omitempty" yaml:"storageSize,omitempty" mapstructure:"storageSize,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesIngressDNSPrivate) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["create"]; !ok || v == nil { + return fmt.Errorf("field create in SpecDistributionModulesIngressDNSPrivate: required") + } + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecDistributionModulesIngressDNSPrivate: required") + } + if v, ok := raw["vpcId"]; !ok || v == nil { + return fmt.Errorf("field vpcId in SpecDistributionModulesIngressDNSPrivate: required") + } + type Plain SpecDistributionModulesIngressDNSPrivate + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesIngressDNSPrivate(plain) + return nil } -type SpecDistributionModulesMonitoringPrometheusAgentRemoteWriteElem map[string]interface{} - -type SpecDistributionModulesMonitoringPrometheusAgent struct { - // Set this option to ship the collected metrics to a remote 
Prometheus receiver. - // - // `remoteWrite` is an array of objects that allows configuring the - // [remoteWrite](https://prometheus.io/docs/specs/remote_write_spec/) options for - // Prometheus. The objects in the array follow [the same schema as in the - // prometheus - // operator](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.RemoteWriteSpec). - RemoteWrite []SpecDistributionModulesMonitoringPrometheusAgentRemoteWriteElem `json:"remoteWrite,omitempty" yaml:"remoteWrite,omitempty" mapstructure:"remoteWrite,omitempty"` - - // Resources corresponds to the JSON schema field "resources". - Resources *TypesKubeResources `json:"resources,omitempty" yaml:"resources,omitempty" mapstructure:"resources,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesIngressCertManager) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["clusterIssuer"]; !ok || v == nil { + return fmt.Errorf("field clusterIssuer in SpecDistributionModulesIngressCertManager: required") + } + type Plain SpecDistributionModulesIngressCertManager + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesIngressCertManager(plain) + return nil } -type SpecDistributionModulesMonitoringType string - -var enumValues_SpecDistributionModulesMonitoringType = []interface{}{ - "none", - "prometheus", - "prometheusAgent", - "mimir", +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesIngressCertManagerClusterIssuer) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["email"]; !ok || v == nil { + return fmt.Errorf("field email in SpecDistributionModulesIngressCertManagerClusterIssuer: required") + } + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecDistributionModulesIngressCertManagerClusterIssuer: required") + } + if v, ok := raw["route53"]; !ok || v == nil { + return fmt.Errorf("field route53 in SpecDistributionModulesIngressCertManagerClusterIssuer: required") + } + type Plain SpecDistributionModulesIngressCertManagerClusterIssuer + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesIngressCertManagerClusterIssuer(plain) + return nil } -const TypesAwsRegionApEast1 TypesAwsRegion = "ap-east-1" - // UnmarshalJSON implements json.Unmarshaler. -func (j *Metadata) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesMonitoring) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in Metadata: required") + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecDistributionModulesMonitoring: required") } - type Plain Metadata + type Plain SpecDistributionModulesMonitoring var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - if len(plain.Name) < 1 { - return fmt.Errorf("field %s length: must be >= %d", "name", 1) + *j = SpecDistributionModulesMonitoring(plain) + return nil +} + +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesIngressCertManagerClusterIssuerType) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err } - if len(plain.Name) > 56 { - return fmt.Errorf("field %s length: must be <= %d", "name", 56) + var ok bool + for _, expected := range enumValues_SpecDistributionModulesIngressCertManagerClusterIssuerType { + if reflect.DeepEqual(v, expected) { + ok = true + break + } } - *j = Metadata(plain) + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesIngressCertManagerClusterIssuerType, v) + } + *j = SpecDistributionModulesIngressCertManagerClusterIssuerType(v) return nil } +var enumValues_SpecDistributionModulesIngressCertManagerClusterIssuerType = []interface{}{ + "dns01", + "http01", +} + +var enumValues_SpecDistributionModulesNetworkingType = []interface{}{ + "none", +} + // UnmarshalJSON implements json.Unmarshaler. func (j *SpecDistributionModulesNetworkingType) UnmarshalJSON(b []byte) error { var v string 
@@ -2278,116 +2434,66 @@ func (j *SpecDistributionModulesNetworkingType) UnmarshalJSON(b []byte) error { return nil } -const ( - SpecDistributionModulesMonitoringTypePrometheusAgent SpecDistributionModulesMonitoringType = "prometheusAgent" - SpecDistributionModulesMonitoringTypeMimir SpecDistributionModulesMonitoringType = "mimir" -) - -type SpecDistributionModulesMonitoringX509Exporter struct { - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` -} - -// Configuration for the Monitoring module. -type SpecDistributionModulesMonitoring struct { - // Alertmanager corresponds to the JSON schema field "alertmanager". - Alertmanager *SpecDistributionModulesMonitoringAlertManager `json:"alertmanager,omitempty" yaml:"alertmanager,omitempty" mapstructure:"alertmanager,omitempty"` - - // BlackboxExporter corresponds to the JSON schema field "blackboxExporter". - BlackboxExporter *SpecDistributionModulesMonitoringBlackboxExporter `json:"blackboxExporter,omitempty" yaml:"blackboxExporter,omitempty" mapstructure:"blackboxExporter,omitempty"` - - // Grafana corresponds to the JSON schema field "grafana". - Grafana *SpecDistributionModulesMonitoringGrafana `json:"grafana,omitempty" yaml:"grafana,omitempty" mapstructure:"grafana,omitempty"` - - // KubeStateMetrics corresponds to the JSON schema field "kubeStateMetrics". - KubeStateMetrics *SpecDistributionModulesMonitoringKubeStateMetrics `json:"kubeStateMetrics,omitempty" yaml:"kubeStateMetrics,omitempty" mapstructure:"kubeStateMetrics,omitempty"` - - // Mimir corresponds to the JSON schema field "mimir". - Mimir *SpecDistributionModulesMonitoringMimir `json:"mimir,omitempty" yaml:"mimir,omitempty" mapstructure:"mimir,omitempty"` - - // Minio corresponds to the JSON schema field "minio". 
- Minio *SpecDistributionModulesMonitoringMinio `json:"minio,omitempty" yaml:"minio,omitempty" mapstructure:"minio,omitempty"` - - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // Prometheus corresponds to the JSON schema field "prometheus". - Prometheus *SpecDistributionModulesMonitoringPrometheus `json:"prometheus,omitempty" yaml:"prometheus,omitempty" mapstructure:"prometheus,omitempty"` - - // PrometheusAgent corresponds to the JSON schema field "prometheusAgent". - PrometheusAgent *SpecDistributionModulesMonitoringPrometheusAgent `json:"prometheusAgent,omitempty" yaml:"prometheusAgent,omitempty" mapstructure:"prometheusAgent,omitempty"` - - // The type of the monitoring, must be `none`, `prometheus`, `prometheusAgent` or - // `mimir`. - // - // - `none`: will disable the whole monitoring stack. - // - `prometheus`: will install Prometheus Operator and a preconfigured Prometheus - // instance, Alertmanager, a set of alert rules, exporters needed to monitor all - // the components of the cluster, Grafana and a series of dashboards to view the - // collected metrics, and more. - // - `prometheusAgent`: will install Prometheus operator, an instance of - // Prometheus in Agent mode (no alerting, no queries, no storage), and all the - // exporters needed to get metrics for the status of the cluster and the - // workloads. Useful when having a centralized (remote) Prometheus where to ship - // the metrics and not storing them locally in the cluster. - // - `mimir`: will install the same as the `prometheus` option, plus Grafana Mimir - // that allows for longer retention of metrics and the usage of Object Storage. - // - // Default is `prometheus`. - Type SpecDistributionModulesMonitoringType `json:"type" yaml:"type" mapstructure:"type"` - - // X509Exporter corresponds to the JSON schema field "x509Exporter". 
- X509Exporter *SpecDistributionModulesMonitoringX509Exporter `json:"x509Exporter,omitempty" yaml:"x509Exporter,omitempty" mapstructure:"x509Exporter,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesIngressClusterIssuerRoute53) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["hostedZoneId"]; !ok || v == nil { + return fmt.Errorf("field hostedZoneId in SpecDistributionModulesIngressClusterIssuerRoute53: required") + } + if v, ok := raw["iamRoleArn"]; !ok || v == nil { + return fmt.Errorf("field iamRoleArn in SpecDistributionModulesIngressClusterIssuerRoute53: required") + } + if v, ok := raw["region"]; !ok || v == nil { + return fmt.Errorf("field region in SpecDistributionModulesIngressClusterIssuerRoute53: required") + } + type Plain SpecDistributionModulesIngressClusterIssuerRoute53 + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesIngressClusterIssuerRoute53(plain) + return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesMonitoring) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesDr) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesMonitoring: required") + return fmt.Errorf("field type in SpecDistributionModulesDr: required") } - type Plain SpecDistributionModulesMonitoring + type Plain SpecDistributionModulesDr var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesMonitoring(plain) + *j = SpecDistributionModulesDr(plain) return nil } -type SpecDistributionModulesNetworkingTigeraOperator struct { - // Overrides corresponds to the JSON schema field "overrides". 
- Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` -} - -type SpecDistributionModulesNetworkingType string - -var enumValues_SpecDistributionModulesNetworkingType = []interface{}{ - "none", -} - -const ( - SpecDistributionModulesMonitoringTypePrometheus SpecDistributionModulesMonitoringType = "prometheus" - SpecDistributionModulesNetworkingTypeNone SpecDistributionModulesNetworkingType = "none" -) - -// Configuration for the Networking module. -type SpecDistributionModulesNetworking struct { - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // TigeraOperator corresponds to the JSON schema field "tigeraOperator". - TigeraOperator *SpecDistributionModulesNetworkingTigeraOperator `json:"tigeraOperator,omitempty" yaml:"tigeraOperator,omitempty" mapstructure:"tigeraOperator,omitempty"` - - // Type corresponds to the JSON schema field "type". - Type *SpecDistributionModulesNetworkingType `json:"type,omitempty" yaml:"type,omitempty" mapstructure:"type,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesDrVelero) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["eks"]; !ok || v == nil { + return fmt.Errorf("field eks in SpecDistributionModulesDrVelero: required") + } + type Plain SpecDistributionModulesDrVelero + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesDrVelero(plain) + return nil } -type SpecDistributionModulesPolicyGatekeeperEnforcementAction string - var enumValues_SpecDistributionModulesPolicyGatekeeperEnforcementAction = []interface{}{ "deny", "dryrun", 
@@ -2414,32 +2520,36 @@ func (j *SpecDistributionModulesPolicyGatekeeperEnforcementAction) UnmarshalJSON return nil } +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesDrVeleroEks) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["bucketName"]; !ok || v == nil { + return fmt.Errorf("field bucketName in SpecDistributionModulesDrVeleroEks: required") + } + if v, ok := raw["iamRoleArn"]; !ok || v == nil { + return fmt.Errorf("field iamRoleArn in SpecDistributionModulesDrVeleroEks: required") + } + if v, ok := raw["region"]; !ok || v == nil { + return fmt.Errorf("field region in SpecDistributionModulesDrVeleroEks: required") + } + type Plain SpecDistributionModulesDrVeleroEks + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesDrVeleroEks(plain) + return nil +} + const ( - SpecDistributionModulesPolicyGatekeeperEnforcementActionDeny SpecDistributionModulesPolicyGatekeeperEnforcementAction = "deny" - SpecDistributionModulesPolicyGatekeeperEnforcementActionDryrun SpecDistributionModulesPolicyGatekeeperEnforcementAction = "dryrun" - SpecDistributionModulesPolicyGatekeeperEnforcementActionWarn SpecDistributionModulesPolicyGatekeeperEnforcementAction = "warn" + TypesAwsRegionUsWest2 TypesAwsRegion = "us-west-2" + TypesAwsRegionUsWest1 TypesAwsRegion = "us-west-1" + TypesAwsRegionUsGovWest1 TypesAwsRegion = "us-gov-west-1" ) -// Configuration for the Gatekeeper package. -type SpecDistributionModulesPolicyGatekeeper struct { - // This parameter adds namespaces to Gatekeeper's exemption list, so it will not - // enforce the constraints on them. 
- AdditionalExcludedNamespaces []string `json:"additionalExcludedNamespaces,omitempty" yaml:"additionalExcludedNamespaces,omitempty" mapstructure:"additionalExcludedNamespaces,omitempty"` - - // The default enforcement action to use for the included constraints. `deny` will - // block the admission when violations to the policies are found, `warn` will show - // a message to the user but will admit the violating requests and `dryrun` won't - // give any feedback to the user but it will log the violations. - EnforcementAction SpecDistributionModulesPolicyGatekeeperEnforcementAction `json:"enforcementAction" yaml:"enforcementAction" mapstructure:"enforcementAction"` - - // Set to `false` to avoid installing the default Gatekeeper policies (constraints - // templates and constraints) included with the distribution. - InstallDefaultPolicies bool `json:"installDefaultPolicies" yaml:"installDefaultPolicies" mapstructure:"installDefaultPolicies"` - - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` -} - // UnmarshalJSON implements json.Unmarshaler. func (j *SpecDistributionModulesPolicyGatekeeper) UnmarshalJSON(b []byte) error { var raw map[string]interface{} @@ -2461,7 +2571,7 @@ func (j *SpecDistributionModulesPolicyGatekeeper) UnmarshalJSON(b []byte) error return nil } -type SpecDistributionModulesPolicyKyvernoValidationFailureAction string +const TypesAwsRegionUsGovEast1 TypesAwsRegion = "us-gov-east-1" var enumValues_SpecDistributionModulesPolicyKyvernoValidationFailureAction = []interface{}{ "Audit", 
@@ -2469,49 +2579,31 @@ var enumValues_SpecDistributionModulesPolicyKyvernoValidationFailureAction = []i } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesPolicyKyvernoValidationFailureAction) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesPolicyKyvernoValidationFailureAction { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesPolicyKyvernoValidationFailureAction, v) - } - *j = SpecDistributionModulesPolicyKyvernoValidationFailureAction(v) - return nil -} - -const ( - SpecDistributionModulesPolicyKyvernoValidationFailureActionAudit SpecDistributionModulesPolicyKyvernoValidationFailureAction = "Audit" - SpecDistributionModulesPolicyKyvernoValidationFailureActionEnforce SpecDistributionModulesPolicyKyvernoValidationFailureAction = "Enforce" -) - -// Configuration for the Kyverno package. -type SpecDistributionModulesPolicyKyverno struct { - // This parameter adds namespaces to Kyverno's exemption list, so it will not - // enforce the policies on them. - AdditionalExcludedNamespaces []string `json:"additionalExcludedNamespaces,omitempty" yaml:"additionalExcludedNamespaces,omitempty" mapstructure:"additionalExcludedNamespaces,omitempty"` - - // Set to `false` to avoid installing the default Kyverno policies included with - // distribution. - InstallDefaultPolicies bool `json:"installDefaultPolicies" yaml:"installDefaultPolicies" mapstructure:"installDefaultPolicies"` - - // Overrides corresponds to the JSON schema field "overrides". 
- Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // The validation failure action to use for the included policies, `Enforce` will - // block when a request does not comply with the policies and `Audit` will not - // block but log when a request does not comply with the policies. - ValidationFailureAction SpecDistributionModulesPolicyKyvernoValidationFailureAction `json:"validationFailureAction" yaml:"validationFailureAction" mapstructure:"validationFailureAction"` +func (j *SpecDistributionModulesPolicyKyvernoValidationFailureAction) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_SpecDistributionModulesPolicyKyvernoValidationFailureAction { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesPolicyKyvernoValidationFailureAction, v) + } + *j = SpecDistributionModulesPolicyKyvernoValidationFailureAction(v) + return nil } +const ( + TypesAwsRegionUsEast2 TypesAwsRegion = "us-east-2" + TypesAwsRegionUsEast1 TypesAwsRegion = "us-east-1" + TypesAwsRegionSaEast1 TypesAwsRegion = "sa-east-1" +) + // UnmarshalJSON implements json.Unmarshaler. func (j *SpecDistributionModulesPolicyKyverno) UnmarshalJSON(b []byte) error { var raw map[string]interface{} @@ -2533,7 +2625,7 @@ func (j *SpecDistributionModulesPolicyKyverno) UnmarshalJSON(b []byte) error { return nil } -type SpecDistributionModulesPolicyType string +const TypesAwsRegionMeSouth1 TypesAwsRegion = "me-south-1" var enumValues_SpecDistributionModulesPolicyType = []interface{}{ "none", 
@@ -2562,29 +2654,12 @@ func (j *SpecDistributionModulesPolicyType) UnmarshalJSON(b []byte) error { } const ( - SpecDistributionModulesPolicyTypeNone SpecDistributionModulesPolicyType = "none" - SpecDistributionModulesPolicyTypeGatekeeper SpecDistributionModulesPolicyType = "gatekeeper" - SpecDistributionModulesPolicyTypeKyverno SpecDistributionModulesPolicyType = "kyverno" + TypesAwsRegionMeCentral1 TypesAwsRegion = "me-central-1" + TypesAwsRegionEuWest3 TypesAwsRegion = "eu-west-3" + TypesAwsRegionEuWest2 TypesAwsRegion = "eu-west-2" + TypesAwsRegionEuWest1 TypesAwsRegion = "eu-west-1" ) -// Configuration for the Policy module. -type SpecDistributionModulesPolicy struct { - // Gatekeeper corresponds to the JSON schema field "gatekeeper". - Gatekeeper *SpecDistributionModulesPolicyGatekeeper `json:"gatekeeper,omitempty" yaml:"gatekeeper,omitempty" mapstructure:"gatekeeper,omitempty"` - - // Kyverno corresponds to the JSON schema field "kyverno". - Kyverno *SpecDistributionModulesPolicyKyverno `json:"kyverno,omitempty" yaml:"kyverno,omitempty" mapstructure:"kyverno,omitempty"` - - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // The type of policy enforcement to use, either `none`, `gatekeeper` or - // `kyverno`. - // - // Default is `none`. - Type SpecDistributionModulesPolicyType `json:"type" yaml:"type" mapstructure:"type"` -} - // UnmarshalJSON implements json.Unmarshaler. func (j *SpecDistributionModulesPolicy) UnmarshalJSON(b []byte) error { var raw map[string]interface{} 
@@ -2603,27 +2678,11 @@ func (j *SpecDistributionModulesPolicy) UnmarshalJSON(b []byte) error { return nil } -type SpecDistributionModulesTracingMinioRootUser struct { - // The password for the default MinIO root user. - Password *string `json:"password,omitempty" yaml:"password,omitempty" mapstructure:"password,omitempty"` - - // The username for the default MinIO root user. - Username *string `json:"username,omitempty" yaml:"username,omitempty" mapstructure:"username,omitempty"` -} - -// Configuration for Tracing's MinIO deployment. -type SpecDistributionModulesTracingMinio struct { - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // RootUser corresponds to the JSON schema field "rootUser". - RootUser *SpecDistributionModulesTracingMinioRootUser `json:"rootUser,omitempty" yaml:"rootUser,omitempty" mapstructure:"rootUser,omitempty"` - - // The PVC size for each MinIO disk, 6 disks total. - StorageSize *string `json:"storageSize,omitempty" yaml:"storageSize,omitempty" mapstructure:"storageSize,omitempty"` -} - -type SpecDistributionModulesTracingTempoBackend string +const ( + TypesAwsRegionEuSouth2 TypesAwsRegion = "eu-south-2" + TypesAwsRegionEuSouth1 TypesAwsRegion = "eu-south-1" + TypesAwsRegionEuNorth1 TypesAwsRegion = "eu-north-1" +) var enumValues_SpecDistributionModulesTracingTempoBackend = []interface{}{ "minio", 
@@ -2651,47 +2710,13 @@ func (j *SpecDistributionModulesTracingTempoBackend) UnmarshalJSON(b []byte) err } const ( - SpecDistributionModulesTracingTempoBackendMinio SpecDistributionModulesTracingTempoBackend = "minio" - SpecDistributionModulesTracingTempoBackendExternalEndpoint SpecDistributionModulesTracingTempoBackend = "externalEndpoint" + TypesAwsRegionEuCentral2 TypesAwsRegion = "eu-central-2" + TypesAwsRegionEuCentral1 TypesAwsRegion = "eu-central-1" + TypesAwsRegionCaCentral1 TypesAwsRegion = "ca-central-1" + TypesAwsRegionApSoutheast4 TypesAwsRegion = "ap-southeast-4" + TypesAwsRegionApSoutheast3 TypesAwsRegion = "ap-southeast-3" ) -// Configuration for Tempo's external storage backend. -type SpecDistributionModulesTracingTempoExternalEndpoint struct { - // The access key ID (username) for the external S3-compatible bucket. - AccessKeyId *string `json:"accessKeyId,omitempty" yaml:"accessKeyId,omitempty" mapstructure:"accessKeyId,omitempty"` - - // The bucket name of the external S3-compatible object storage. - BucketName *string `json:"bucketName,omitempty" yaml:"bucketName,omitempty" mapstructure:"bucketName,omitempty"` - - // The external S3-compatible endpoint for Tempo's storage. - Endpoint *string `json:"endpoint,omitempty" yaml:"endpoint,omitempty" mapstructure:"endpoint,omitempty"` - - // If true, will use HTTP as protocol instead of HTTPS. - Insecure *bool `json:"insecure,omitempty" yaml:"insecure,omitempty" mapstructure:"insecure,omitempty"` - - // The secret access key (password) for the external S3-compatible bucket. - SecretAccessKey *string `json:"secretAccessKey,omitempty" yaml:"secretAccessKey,omitempty" mapstructure:"secretAccessKey,omitempty"` -} - -// Configuration for the Tempo package. -type SpecDistributionModulesTracingTempo struct { - // The storage backend type for Tempo. 
`minio` will use an in-cluster MinIO - // deployment for object storage, `externalEndpoint` can be used to point to an - // external S3-compatible object storage instead of deploying an in-cluster MinIO. - Backend *SpecDistributionModulesTracingTempoBackend `json:"backend,omitempty" yaml:"backend,omitempty" mapstructure:"backend,omitempty"` - - // Configuration for Tempo's external storage backend. - ExternalEndpoint *SpecDistributionModulesTracingTempoExternalEndpoint `json:"externalEndpoint,omitempty" yaml:"externalEndpoint,omitempty" mapstructure:"externalEndpoint,omitempty"` - - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // The retention time for the traces stored in Tempo. - RetentionTime *string `json:"retentionTime,omitempty" yaml:"retentionTime,omitempty" mapstructure:"retentionTime,omitempty"` -} - -type SpecDistributionModulesTracingType string - var enumValues_SpecDistributionModulesTracingType = []interface{}{ "none", "tempo", 
@@ -2718,28 +2743,11 @@ func (j *SpecDistributionModulesTracingType) UnmarshalJSON(b []byte) error { } const ( - SpecDistributionModulesTracingTypeNone SpecDistributionModulesTracingType = "none" - SpecDistributionModulesTracingTypeTempo SpecDistributionModulesTracingType = "tempo" + TypesAwsRegionApSoutheast2 TypesAwsRegion = "ap-southeast-2" + TypesAwsRegionApSoutheast1 TypesAwsRegion = "ap-southeast-1" + TypesAwsRegionApSouth2 TypesAwsRegion = "ap-south-2" ) -// Configuration for the Tracing module. -type SpecDistributionModulesTracing struct { - // Minio corresponds to the JSON schema field "minio". - Minio *SpecDistributionModulesTracingMinio `json:"minio,omitempty" yaml:"minio,omitempty" mapstructure:"minio,omitempty"` - - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleOverrides `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // Tempo corresponds to the JSON schema field "tempo". - Tempo *SpecDistributionModulesTracingTempo `json:"tempo,omitempty" yaml:"tempo,omitempty" mapstructure:"tempo,omitempty"` - - // The type of tracing to use, either `none` or `tempo`. `none` will disable the - // Tracing module and `tempo` will install a Grafana Tempo deployment. - // - // Default is `tempo`. - Type SpecDistributionModulesTracingType `json:"type" yaml:"type" mapstructure:"type"` -} - // UnmarshalJSON implements json.Unmarshaler. func (j *SpecDistributionModulesTracing) UnmarshalJSON(b []byte) error { var raw map[string]interface{} 
@@ -2758,34 +2766,7 @@ func (j *SpecDistributionModulesTracing) UnmarshalJSON(b []byte) error { return nil } -type SpecDistributionModules struct { - // Auth corresponds to the JSON schema field "auth". - Auth *SpecDistributionModulesAuth `json:"auth,omitempty" yaml:"auth,omitempty" mapstructure:"auth,omitempty"` - - // Aws corresponds to the JSON schema field "aws". - Aws *SpecDistributionModulesAws `json:"aws,omitempty" yaml:"aws,omitempty" mapstructure:"aws,omitempty"` - - // Dr corresponds to the JSON schema field "dr". - Dr SpecDistributionModulesDr `json:"dr" yaml:"dr" mapstructure:"dr"` - - // Ingress corresponds to the JSON schema field "ingress". - Ingress SpecDistributionModulesIngress `json:"ingress" yaml:"ingress" mapstructure:"ingress"` - - // Logging corresponds to the JSON schema field "logging". - Logging SpecDistributionModulesLogging `json:"logging" yaml:"logging" mapstructure:"logging"` - - // Monitoring corresponds to the JSON schema field "monitoring". - Monitoring *SpecDistributionModulesMonitoring `json:"monitoring,omitempty" yaml:"monitoring,omitempty" mapstructure:"monitoring,omitempty"` - - // Networking corresponds to the JSON schema field "networking". - Networking *SpecDistributionModulesNetworking `json:"networking,omitempty" yaml:"networking,omitempty" mapstructure:"networking,omitempty"` - - // Policy corresponds to the JSON schema field "policy". - Policy SpecDistributionModulesPolicy `json:"policy" yaml:"policy" mapstructure:"policy"` - - // Tracing corresponds to the JSON schema field "tracing". - Tracing *SpecDistributionModulesTracing `json:"tracing,omitempty" yaml:"tracing,omitempty" mapstructure:"tracing,omitempty"` -} +const TypesAwsRegionApSouth1 TypesAwsRegion = "ap-south-1" // UnmarshalJSON implements json.Unmarshaler. func (j *SpecDistributionModules) UnmarshalJSON(b []byte) error { 
@@ -2814,16 +2795,7 @@ func (j *SpecDistributionModules) UnmarshalJSON(b []byte) error { return nil } -type SpecDistribution struct { - // Common corresponds to the JSON schema field "common". - Common *SpecDistributionCommon `json:"common,omitempty" yaml:"common,omitempty" mapstructure:"common,omitempty"` - - // CustomPatches corresponds to the JSON schema field "customPatches". - CustomPatches *SpecDistributionCustompatches `json:"customPatches,omitempty" yaml:"customPatches,omitempty" mapstructure:"customPatches,omitempty"` - - // Modules corresponds to the JSON schema field "modules". - Modules SpecDistributionModules `json:"modules" yaml:"modules" mapstructure:"modules"` -} +const TypesAwsRegionApNortheast3 TypesAwsRegion = "ap-northeast-3" // UnmarshalJSON implements json.Unmarshaler. func (j *SpecDistribution) UnmarshalJSON(b []byte) error { @@ -2845,16 +2817,7 @@ func (j *SpecDistribution) UnmarshalJSON(b []byte) error { type TypesCidr string -// Network CIDRS configuration for private and public subnets. -type SpecInfrastructureVpcNetworkSubnetsCidrs struct { - // The network CIDRs for the private subnets, where the nodes, the pods, and the - // private load balancers will be created - Private []TypesCidr `json:"private" yaml:"private" mapstructure:"private"` - - // The network CIDRs for the public subnets, where the public load balancers and - // the VPN servers will be created - Public []TypesCidr `json:"public" yaml:"public" mapstructure:"public"` -} +const TypesAwsRegionApNortheast2 TypesAwsRegion = "ap-northeast-2" // UnmarshalJSON implements json.Unmarshaler. func (j *SpecInfrastructureVpcNetworkSubnetsCidrs) UnmarshalJSON(b []byte) error { 
@@ -2877,13 +2840,7 @@ func (j *SpecInfrastructureVpcNetworkSubnetsCidrs) UnmarshalJSON(b []byte) error return nil } -type SpecInfrastructureVpcNetwork struct { - // The network CIDR for the VPC that will be created - Cidr TypesCidr `json:"cidr" yaml:"cidr" mapstructure:"cidr"` - - // SubnetsCidrs corresponds to the JSON schema field "subnetsCidrs". - SubnetsCidrs SpecInfrastructureVpcNetworkSubnetsCidrs `json:"subnetsCidrs" yaml:"subnetsCidrs" mapstructure:"subnetsCidrs"` -} +const TypesAwsRegionApNortheast1 TypesAwsRegion = "ap-northeast-1" // UnmarshalJSON implements json.Unmarshaler. func (j *SpecInfrastructureVpcNetwork) UnmarshalJSON(b []byte) error { @@ -2906,13 +2863,7 @@ func (j *SpecInfrastructureVpcNetwork) UnmarshalJSON(b []byte) error { return nil } -// Configuration for the VPC that will be created to host the EKS cluster and its -// related resources. If you already have a VPC that you want to use, leave this -// section empty and use `.spec.kubernetes.vpcId` instead. -type SpecInfrastructureVpc struct { - // Network corresponds to the JSON schema field "network". - Network SpecInfrastructureVpcNetwork `json:"network" yaml:"network" mapstructure:"network"` -} +const TypesAwsRegionApEast1 TypesAwsRegion = "ap-east-1" // UnmarshalJSON implements json.Unmarshaler. func (j *SpecInfrastructureVpc) UnmarshalJSON(b []byte) error { 
@@ -2936,19 +2887,7 @@ type TypesAwsS3BucketNamePrefix string type TypesTcpPort int -type SpecInfrastructureVpnSsh struct { - // The network CIDR enabled in the security group to access the VPN servers - // (bastions) via SSH. Setting this to `0.0.0.0/0` will allow any source. - AllowedFromCidrs []TypesCidr `json:"allowedFromCidrs" yaml:"allowedFromCidrs" mapstructure:"allowedFromCidrs"` - - // List of GitHub usernames from whom get their SSH public key and add as - // authorized keys of the `operatorName` user. - GithubUsersName []string `json:"githubUsersName" yaml:"githubUsersName" mapstructure:"githubUsersName"` - - // **NOT IN USE**, use `githubUsersName` instead. This value defines the public - // keys that will be added to the bastion's operating system. - PublicKeys []interface{} `json:"publicKeys,omitempty" yaml:"publicKeys,omitempty" mapstructure:"publicKeys,omitempty"` -} +const TypesAwsRegionAfSouth1 TypesAwsRegion = "af-south-1" // UnmarshalJSON implements json.Unmarshaler. func (j *SpecInfrastructureVpnSsh) UnmarshalJSON(b []byte) error { 
@@ -2961,61 +2900,39 @@ func (j *SpecInfrastructureVpnSsh) UnmarshalJSON(b []byte) error { } if v, ok := raw["githubUsersName"]; !ok || v == nil { return fmt.Errorf("field githubUsersName in SpecInfrastructureVpnSsh: required") - } - type Plain SpecInfrastructureVpnSsh - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - if plain.GithubUsersName != nil && len(plain.GithubUsersName) < 1 { - return fmt.Errorf("field %s length: must be >= %d", "githubUsersName", 1) - } - *j = SpecInfrastructureVpnSsh(plain) - return nil -} - -type TypesAwsVpcId string - -// Configuration for the VPN server instances. -type SpecInfrastructureVpn struct { - // This value defines the prefix for the bucket name where the VPN servers will - // store their state (VPN certificates, users). - BucketNamePrefix *TypesAwsS3BucketNamePrefix `json:"bucketNamePrefix,omitempty" yaml:"bucketNamePrefix,omitempty" mapstructure:"bucketNamePrefix,omitempty"` - - // The `dhParamsBits` size used for the creation of the .pem file that will be - // used in the dh openvpn server.conf file. - DhParamsBits *int `json:"dhParamsBits,omitempty" yaml:"dhParamsBits,omitempty" mapstructure:"dhParamsBits,omitempty"` - - // The size of the disk in GB for each VPN server. Example: entering `50` will - // create disks of 50 GB. - DiskSize *int `json:"diskSize,omitempty" yaml:"diskSize,omitempty" mapstructure:"diskSize,omitempty"` - - // Overrides IAM user name for the VPN. Default is to use the cluster name. - IamUserNameOverride *TypesAwsIamRoleName `json:"iamUserNameOverride,omitempty" yaml:"iamUserNameOverride,omitempty" mapstructure:"iamUserNameOverride,omitempty"` - - // The type of the AWS EC2 instance for each VPN server. Follows AWS EC2 - // nomenclature. Example: `t3-micro`. - InstanceType *string `json:"instanceType,omitempty" yaml:"instanceType,omitempty" mapstructure:"instanceType,omitempty"` - - // The number of VPN server instances to create, `0` to skip the creation. 
- Instances *int `json:"instances,omitempty" yaml:"instances,omitempty" mapstructure:"instances,omitempty"` - - // The username of the account to create in the bastion's operating system. - OperatorName *string `json:"operatorName,omitempty" yaml:"operatorName,omitempty" mapstructure:"operatorName,omitempty"` - - // The port where each OpenVPN server will listen for connections. - Port *TypesTcpPort `json:"port,omitempty" yaml:"port,omitempty" mapstructure:"port,omitempty"` - - // Ssh corresponds to the JSON schema field "ssh". - Ssh SpecInfrastructureVpnSsh `json:"ssh" yaml:"ssh" mapstructure:"ssh"` + } + type Plain SpecInfrastructureVpnSsh + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + if plain.GithubUsersName != nil && len(plain.GithubUsersName) < 1 { + return fmt.Errorf("field %s length: must be >= %d", "githubUsersName", 1) + } + *j = SpecInfrastructureVpnSsh(plain) + return nil +} - // The ID of the VPC where the VPN server instances will be created, required only - // if `.spec.infrastructure.vpc` is omitted. - VpcId *TypesAwsVpcId `json:"vpcId,omitempty" yaml:"vpcId,omitempty" mapstructure:"vpcId,omitempty"` +type TypesAwsVpcId string - // The network CIDR that will be used to assign IP addresses to the VPN clients - // when connected. - VpnClientsSubnetCidr TypesCidr `json:"vpnClientsSubnetCidr" yaml:"vpnClientsSubnetCidr" mapstructure:"vpnClientsSubnetCidr"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *TypesAwsRegion) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_TypesAwsRegion { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesAwsRegion, v) + } + *j = TypesAwsRegion(v) + return nil } // UnmarshalJSON implements json.Unmarshaler. 
@@ -3039,31 +2956,39 @@ func (j *SpecInfrastructureVpn) UnmarshalJSON(b []byte) error { return nil } -type SpecInfrastructure struct { - // Vpc corresponds to the JSON schema field "vpc". - Vpc *SpecInfrastructureVpc `json:"vpc,omitempty" yaml:"vpc,omitempty" mapstructure:"vpc,omitempty"` - - // Vpn corresponds to the JSON schema field "vpn". - Vpn *SpecInfrastructureVpn `json:"vpn,omitempty" yaml:"vpn,omitempty" mapstructure:"vpn,omitempty"` +var enumValues_TypesAwsRegion = []interface{}{ + "af-south-1", + "ap-east-1", + "ap-northeast-1", + "ap-northeast-2", + "ap-northeast-3", + "ap-south-1", + "ap-south-2", + "ap-southeast-1", + "ap-southeast-2", + "ap-southeast-3", + "ap-southeast-4", + "ca-central-1", + "eu-central-1", + "eu-central-2", + "eu-north-1", + "eu-south-1", + "eu-south-2", + "eu-west-1", + "eu-west-2", + "eu-west-3", + "me-central-1", + "me-south-1", + "sa-east-1", + "us-east-1", + "us-east-2", + "us-gov-east-1", + "us-gov-west-1", + "us-west-1", + "us-west-2", } -type SpecKubernetesAPIServer struct { - // This value defines if the Kubernetes API server will be accessible from the - // private subnets. Default it `true`. - PrivateAccess bool `json:"privateAccess" yaml:"privateAccess" mapstructure:"privateAccess"` - - // The network CIDRs from the private subnets that will be allowed access the - // Kubernetes API server. - PrivateAccessCidrs []TypesCidr `json:"privateAccessCidrs,omitempty" yaml:"privateAccessCidrs,omitempty" mapstructure:"privateAccessCidrs,omitempty"` - - // This value defines if the Kubernetes API server will be accessible from the - // public subnets. Default is `false`. - PublicAccess bool `json:"publicAccess" yaml:"publicAccess" mapstructure:"publicAccess"` - - // The network CIDRs from the public subnets that will be allowed access the - // Kubernetes API server. 
- PublicAccessCidrs []TypesCidr `json:"publicAccessCidrs,omitempty" yaml:"publicAccessCidrs,omitempty" mapstructure:"publicAccessCidrs,omitempty"` -} +type TypesAwsRegion string // UnmarshalJSON implements json.Unmarshaler. func (j *SpecKubernetesAPIServer) UnmarshalJSON(b []byte) error { @@ -3086,16 +3011,7 @@ func (j *SpecKubernetesAPIServer) UnmarshalJSON(b []byte) error { return nil } -type SpecKubernetesAwsAuthRole struct { - // Groups corresponds to the JSON schema field "groups". - Groups []string `json:"groups" yaml:"groups" mapstructure:"groups"` - - // Rolearn corresponds to the JSON schema field "rolearn". - Rolearn TypesAwsArn `json:"rolearn" yaml:"rolearn" mapstructure:"rolearn"` - - // Username corresponds to the JSON schema field "username". - Username string `json:"username" yaml:"username" mapstructure:"username"` -} +type TypesAwsS3BucketName string // UnmarshalJSON implements json.Unmarshaler. func (j *SpecKubernetesAwsAuthRole) UnmarshalJSON(b []byte) error { 
@@ -3121,15 +3037,24 @@ func (j *SpecKubernetesAwsAuthRole) UnmarshalJSON(b []byte) error { return nil } -type SpecKubernetesAwsAuthUser struct { - // Groups corresponds to the JSON schema field "groups". - Groups []string `json:"groups" yaml:"groups" mapstructure:"groups"` - - // Userarn corresponds to the JSON schema field "userarn". - Userarn TypesAwsArn `json:"userarn" yaml:"userarn" mapstructure:"userarn"` - - // Username corresponds to the JSON schema field "username". - Username string `json:"username" yaml:"username" mapstructure:"username"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesDrType) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_SpecDistributionModulesDrType { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesDrType, v) + } + *j = SpecDistributionModulesDrType(v) + return nil } // UnmarshalJSON implements json.Unmarshaler. 
@@ -3156,27 +3081,39 @@ func (j *SpecKubernetesAwsAuthUser) UnmarshalJSON(b []byte) error { return nil } -// Optional additional security configuration for EKS IAM via the `aws-auth` -// configmap. -// -// Ref: https://docs.aws.amazon.com/eks/latest/userguide/auth-configmap.html -type SpecKubernetesAwsAuth struct { - // This optional array defines additional AWS accounts that will be added to the - // `aws-auth` configmap. - AdditionalAccounts []string `json:"additionalAccounts,omitempty" yaml:"additionalAccounts,omitempty" mapstructure:"additionalAccounts,omitempty"` - - // This optional array defines additional IAM roles that will be added to the - // `aws-auth` configmap. - Roles []SpecKubernetesAwsAuthRole `json:"roles,omitempty" yaml:"roles,omitempty" mapstructure:"roles,omitempty"` - - // This optional array defines additional IAM users that will be added to the - // `aws-auth` configmap. - Users []SpecKubernetesAwsAuthUser `json:"users,omitempty" yaml:"users,omitempty" mapstructure:"users,omitempty"` +var enumValues_SpecDistributionModulesDrType = []interface{}{ + "none", + "eks", } type TypesAwsIamRoleNamePrefix string -type SpecKubernetesLogRetentionDays int +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesAws) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["clusterAutoscaler"]; !ok || v == nil { + return fmt.Errorf("field clusterAutoscaler in SpecDistributionModulesAws: required") + } + if v, ok := raw["ebsCsiDriver"]; !ok || v == nil { + return fmt.Errorf("field ebsCsiDriver in SpecDistributionModulesAws: required") + } + if v, ok := raw["loadBalancerController"]; !ok || v == nil { + return fmt.Errorf("field loadBalancerController in SpecDistributionModulesAws: required") + } + if v, ok := raw["overrides"]; !ok || v == nil { + return fmt.Errorf("field overrides in SpecDistributionModulesAws: required") + } + type Plain SpecDistributionModulesAws + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesAws(plain) + return nil +} var enumValues_SpecKubernetesLogRetentionDays = []interface{}{ 0, @@ -3224,7 +3161,18 @@ func (j *SpecKubernetesLogRetentionDays) UnmarshalJSON(b []byte) error { return nil } -type SpecKubernetesLogsTypesElem string +// Override the common configuration with a particular configuration for the +// module. +type TypesFuryModuleOverrides struct { + // Ingresses corresponds to the JSON schema field "ingresses". + Ingresses TypesFuryModuleOverridesIngresses `json:"ingresses,omitempty" yaml:"ingresses,omitempty" mapstructure:"ingresses,omitempty"` + + // Set to override the node selector used to place the pods of the module. + NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` + + // Set to override the tolerations that will be added to the pods of the module. + Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` +} var enumValues_SpecKubernetesLogsTypesElem = []interface{}{ "api", 
@@ -3240,28 +3188,88 @@ func (j *SpecKubernetesLogsTypesElem) UnmarshalJSON(b []byte) error { if err := json.Unmarshal(b, &v); err != nil { return err } - var ok bool - for _, expected := range enumValues_SpecKubernetesLogsTypesElem { - if reflect.DeepEqual(v, expected) { - ok = true - break - } + var ok bool + for _, expected := range enumValues_SpecKubernetesLogsTypesElem { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesLogsTypesElem, v) + } + *j = SpecKubernetesLogsTypesElem(v) + return nil +} + +type TypesFuryModuleOverridesIngresses map[string]TypesFuryModuleOverridesIngress + +type TypesFuryModuleOverridesIngress struct { + // If true, the ingress will not have authentication even if + // `.spec.modules.auth.provider.type` is SSO or Basic Auth. + DisableAuth *bool `json:"disableAuth,omitempty" yaml:"disableAuth,omitempty" mapstructure:"disableAuth,omitempty"` + + // Use this host for the ingress instead of the default one. + Host *string `json:"host,omitempty" yaml:"host,omitempty" mapstructure:"host,omitempty"` + + // Use this ingress class for the ingress instead of the default one. + IngressClass *string `json:"ingressClass,omitempty" yaml:"ingressClass,omitempty" mapstructure:"ingressClass,omitempty"` +} + +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesAwsLoadBalancerController) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["iamRoleArn"]; !ok || v == nil { + return fmt.Errorf("field iamRoleArn in SpecDistributionModulesAwsLoadBalancerController: required") + } + type Plain SpecDistributionModulesAwsLoadBalancerController + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesAwsLoadBalancerController(plain) + return nil +} + +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesAwsEbsCsiDriver) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["iamRoleArn"]; !ok || v == nil { + return fmt.Errorf("field iamRoleArn in SpecDistributionModulesAwsEbsCsiDriver: required") + } + type Plain SpecDistributionModulesAwsEbsCsiDriver + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesAwsEbsCsiDriver(plain) + return nil +} + +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesAwsClusterAutoscaler) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["iamRoleArn"]; !ok || v == nil { + return fmt.Errorf("field iamRoleArn in SpecDistributionModulesAwsClusterAutoscaler: required") } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesLogsTypesElem, v) + type Plain SpecDistributionModulesAwsClusterAutoscaler + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err } - *j = SpecKubernetesLogsTypesElem(v) + *j = SpecDistributionModulesAwsClusterAutoscaler(plain) return nil } -const ( - SpecKubernetesLogsTypesElemApi SpecKubernetesLogsTypesElem = "api" - SpecKubernetesLogsTypesElemAudit SpecKubernetesLogsTypesElem = "audit" - SpecKubernetesLogsTypesElemAuthenticator SpecKubernetesLogsTypesElem = "authenticator" - SpecKubernetesLogsTypesElemControllerManager SpecKubernetesLogsTypesElem = "controllerManager" - SpecKubernetesLogsTypesElemScheduler SpecKubernetesLogsTypesElem = "scheduler" -) - type SpecKubernetesNodePoolGlobalAmiType string var enumValues_SpecKubernetesNodePoolGlobalAmiType = []interface{}{ 
@@ -3294,13 +3302,17 @@ const ( SpecKubernetesNodePoolGlobalAmiTypeAlinux2023 SpecKubernetesNodePoolGlobalAmiType = "alinux2023" ) -// Port range for the Firewall Rule. -type SpecKubernetesNodePoolAdditionalFirewallRulePorts struct { - // From corresponds to the JSON schema field "from". - From TypesTcpPort `json:"from" yaml:"from" mapstructure:"from"` +type TypesFuryModuleComponentOverridesWithIAMRoleName struct { + // IamRoleName corresponds to the JSON schema field "iamRoleName". + IamRoleName *TypesAwsIamRoleName `json:"iamRoleName,omitempty" yaml:"iamRoleName,omitempty" mapstructure:"iamRoleName,omitempty"` - // To corresponds to the JSON schema field "to". - To TypesTcpPort `json:"to" yaml:"to" mapstructure:"to"` + // The node selector to use to place the pods for the load balancer controller + // module. + NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` + + // The tolerations that will be added to the pods for the cluster autoscaler + // module. + Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` } // UnmarshalJSON implements json.Unmarshaler. @@ -3328,7 +3340,7 @@ type TypesAwsIpProtocol string type TypesAwsTags map[string]string -type SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType string +type TypesAwsIamRoleName string var enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType = []interface{}{ "ingress", 
@@ -3355,30 +3367,44 @@ func (j *SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType) UnmarshalJSO return nil } -const ( - SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockTypeIngress SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType = "ingress" - SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockTypeEgress SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType = "egress" -) - -type SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlock struct { - // CidrBlocks corresponds to the JSON schema field "cidrBlocks". - CidrBlocks []TypesCidr `json:"cidrBlocks" yaml:"cidrBlocks" mapstructure:"cidrBlocks"` - - // Name corresponds to the JSON schema field "name". - Name string `json:"name" yaml:"name" mapstructure:"name"` - - // Ports corresponds to the JSON schema field "ports". - Ports SpecKubernetesNodePoolAdditionalFirewallRulePorts `json:"ports" yaml:"ports" mapstructure:"ports"` - - // Protocol corresponds to the JSON schema field "protocol". - Protocol TypesAwsIpProtocol `json:"protocol" yaml:"protocol" mapstructure:"protocol"` +type TypesAwsArn string - // Additional AWS tags for the Firewall rule. - Tags TypesAwsTags `json:"tags,omitempty" yaml:"tags,omitempty" mapstructure:"tags,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesAuth) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["provider"]; !ok || v == nil { + return fmt.Errorf("field provider in SpecDistributionModulesAuth: required") + } + type Plain SpecDistributionModulesAuth + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesAuth(plain) + return nil +} - // The type of the Firewall rule, can be `ingress` for incoming traffic or - // `egress` for outgoing traffic. 
- Type SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType `json:"type" yaml:"type" mapstructure:"type"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesLoggingType) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_SpecDistributionModulesLoggingType { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesLoggingType, v) + } + *j = SpecDistributionModulesLoggingType(v) + return nil } // UnmarshalJSON implements json.Unmarshaler. @@ -3414,7 +3440,25 @@ func (j *SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlock) UnmarshalJSON(b return nil } -type SpecKubernetesNodePoolAdditionalFirewallRuleSelfType string +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesAuthProviderType) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_SpecDistributionModulesAuthProviderType { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesAuthProviderType, v) + } + *j = SpecDistributionModulesAuthProviderType(v) + return nil +} var enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSelfType = []interface{}{ "ingress", 
@@ -3441,30 +3485,52 @@ func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSelfType) UnmarshalJSON(b [ return nil } -const ( - SpecKubernetesNodePoolAdditionalFirewallRuleSelfTypeIngress SpecKubernetesNodePoolAdditionalFirewallRuleSelfType = "ingress" - SpecKubernetesNodePoolAdditionalFirewallRuleSelfTypeEgress SpecKubernetesNodePoolAdditionalFirewallRuleSelfType = "egress" -) - -type SpecKubernetesNodePoolAdditionalFirewallRuleSelf struct { - // The name of the Firewall rule. - Name string `json:"name" yaml:"name" mapstructure:"name"` - - // Ports corresponds to the JSON schema field "ports". - Ports SpecKubernetesNodePoolAdditionalFirewallRulePorts `json:"ports" yaml:"ports" mapstructure:"ports"` - - // The protocol of the Firewall rule. - Protocol TypesAwsIpProtocol `json:"protocol" yaml:"protocol" mapstructure:"protocol"` - - // If `true`, the source will be the security group itself. - Self bool `json:"self" yaml:"self" mapstructure:"self"` +var enumValues_SpecDistributionModulesAuthProviderType = []interface{}{ + "none", + "basicAuth", + "sso", +} - // Additional AWS tags for the Firewall rule. - Tags TypesAwsTags `json:"tags,omitempty" yaml:"tags,omitempty" mapstructure:"tags,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesAuthProviderBasicAuth) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["password"]; !ok || v == nil { + return fmt.Errorf("field password in SpecDistributionModulesAuthProviderBasicAuth: required") + } + if v, ok := raw["username"]; !ok || v == nil { + return fmt.Errorf("field username in SpecDistributionModulesAuthProviderBasicAuth: required") + } + type Plain SpecDistributionModulesAuthProviderBasicAuth + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesAuthProviderBasicAuth(plain) + return nil +} - // The type of the Firewall rule, can be `ingress` for incoming traffic or - // `egress` for outgoing traffic. - Type SpecKubernetesNodePoolAdditionalFirewallRuleSelfType `json:"type" yaml:"type" mapstructure:"type"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesAuthOverridesIngress) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["host"]; !ok || v == nil { + return fmt.Errorf("field host in SpecDistributionModulesAuthOverridesIngress: required") + } + if v, ok := raw["ingressClass"]; !ok || v == nil { + return fmt.Errorf("field ingressClass in SpecDistributionModulesAuthOverridesIngress: required") + } + type Plain SpecDistributionModulesAuthOverridesIngress + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesAuthOverridesIngress(plain) + return nil } // UnmarshalJSON implements json.Unmarshaler. 
@@ -3493,63 +3559,99 @@ func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSelf) UnmarshalJSON(b []byt if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecKubernetesNodePoolAdditionalFirewallRuleSelf(plain) + *j = SpecKubernetesNodePoolAdditionalFirewallRuleSelf(plain) + return nil +} + +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesAuthDex) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["connectors"]; !ok || v == nil { + return fmt.Errorf("field connectors in SpecDistributionModulesAuthDex: required") + } + type Plain SpecDistributionModulesAuthDex + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesAuthDex(plain) + return nil +} + +var enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType = []interface{}{ + "ingress", + "egress", +} + +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType, v) + } + *j = SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType(v) + return nil +} + +type TypesFuryModuleComponentOverrides struct { + // Set to override the node selector used to place the pods of the package. 
+ NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` + + // Set to override the tolerations that will be added to the pods of the package. + Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` +} + +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionCustomPatchesSecretGeneratorResource) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecDistributionCustomPatchesSecretGeneratorResource: required") + } + type Plain SpecDistributionCustomPatchesSecretGeneratorResource + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionCustomPatchesSecretGeneratorResource(plain) return nil } -type SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType string - -var enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType = []interface{}{ - "ingress", - "egress", -} - // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionCustomPatchesSecretGeneratorResourceBehavior) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType { + for _, expected := range enumValues_SpecDistributionCustomPatchesSecretGeneratorResourceBehavior { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionCustomPatchesSecretGeneratorResourceBehavior, v) } - *j = SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType(v) + *j = SpecDistributionCustomPatchesSecretGeneratorResourceBehavior(v) return nil } -const ( - SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdTypeIngress SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType = "ingress" - SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdTypeEgress SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType = "egress" -) - -type SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId struct { - // The name for the additional Firewall rule Security Group. - Name string `json:"name" yaml:"name" mapstructure:"name"` - - // Ports corresponds to the JSON schema field "ports". - Ports SpecKubernetesNodePoolAdditionalFirewallRulePorts `json:"ports" yaml:"ports" mapstructure:"ports"` - - // The protocol of the Firewall rule. - Protocol TypesAwsIpProtocol `json:"protocol" yaml:"protocol" mapstructure:"protocol"` - - // The source security group ID. 
- SourceSecurityGroupId string `json:"sourceSecurityGroupId" yaml:"sourceSecurityGroupId" mapstructure:"sourceSecurityGroupId"` - - // Additional AWS tags for the Firewall rule. - Tags TypesAwsTags `json:"tags,omitempty" yaml:"tags,omitempty" mapstructure:"tags,omitempty"` - - // The type of the Firewall rule, can be `ingress` for incoming traffic or - // `egress` for outgoing traffic. - Type SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType `json:"type" yaml:"type" mapstructure:"type"` -} - // UnmarshalJSON implements json.Unmarshaler. func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId) UnmarshalJSON(b []byte) error { var raw map[string]interface{} @@ -3580,16 +3682,10 @@ func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId) Unma return nil } -// Optional additional firewall rules that will be attached to the nodes. -type SpecKubernetesNodePoolAdditionalFirewallRules struct { - // The CIDR blocks objects definition for the Firewall rule. - CidrBlocks []SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlock `json:"cidrBlocks,omitempty" yaml:"cidrBlocks,omitempty" mapstructure:"cidrBlocks,omitempty"` - - // The `self` objects definition for the Firewall rule. - Self []SpecKubernetesNodePoolAdditionalFirewallRuleSelf `json:"self,omitempty" yaml:"self,omitempty" mapstructure:"self,omitempty"` - - // The Source Security Group ID objects definition for the Firewall rule. - SourceSecurityGroupId []SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId `json:"sourceSecurityGroupId,omitempty" yaml:"sourceSecurityGroupId,omitempty" mapstructure:"sourceSecurityGroupId,omitempty"` +var enumValues_SpecDistributionCustomPatchesSecretGeneratorResourceBehavior = []interface{}{ + "create", + "replace", + "merge", } // UnmarshalJSON implements json.Unmarshaler. 
@@ -3846,49 +3942,22 @@ const ( SpecKubernetesNodePoolTypeSelfManaged SpecKubernetesNodePoolType = "self-managed" ) -// Array with all the node pool definitions that will join the cluster. Each item -// is an object. -type SpecKubernetesNodePool struct { - // AdditionalFirewallRules corresponds to the JSON schema field - // "additionalFirewallRules". - AdditionalFirewallRules *SpecKubernetesNodePoolAdditionalFirewallRules `json:"additionalFirewallRules,omitempty" yaml:"additionalFirewallRules,omitempty" mapstructure:"additionalFirewallRules,omitempty"` - - // Ami corresponds to the JSON schema field "ami". - Ami *SpecKubernetesNodePoolAmi `json:"ami,omitempty" yaml:"ami,omitempty" mapstructure:"ami,omitempty"` - - // This optional array defines additional target groups to attach to the instances - // in the node pool. - AttachedTargetGroups []TypesAwsArn `json:"attachedTargetGroups,omitempty" yaml:"attachedTargetGroups,omitempty" mapstructure:"attachedTargetGroups,omitempty"` - - // The container runtime to use in the nodes of the node pool. Default is - // `containerd`. - ContainerRuntime *SpecKubernetesNodePoolContainerRuntime `json:"containerRuntime,omitempty" yaml:"containerRuntime,omitempty" mapstructure:"containerRuntime,omitempty"` - - // Instance corresponds to the JSON schema field "instance". - Instance SpecKubernetesNodePoolInstance `json:"instance" yaml:"instance" mapstructure:"instance"` - - // Kubernetes labels that will be added to the nodes. - Labels TypesKubeLabels_1 `json:"labels,omitempty" yaml:"labels,omitempty" mapstructure:"labels,omitempty"` - - // The name of the node pool. - Name string `json:"name" yaml:"name" mapstructure:"name"` - - // Size corresponds to the JSON schema field "size". - Size SpecKubernetesNodePoolSize `json:"size" yaml:"size" mapstructure:"size"` - - // Optional list of subnet IDs where to create the nodes. 
- SubnetIds []TypesAwsSubnetId `json:"subnetIds,omitempty" yaml:"subnetIds,omitempty" mapstructure:"subnetIds,omitempty"` - - // AWS tags that will be added to the ASG and EC2 instances. - Tags TypesAwsTags `json:"tags,omitempty" yaml:"tags,omitempty" mapstructure:"tags,omitempty"` - - // Kubernetes taints that will be added to the nodes. - Taints TypesKubeTaints `json:"taints,omitempty" yaml:"taints,omitempty" mapstructure:"taints,omitempty"` - - // The type of Node Pool, can be `self-managed` for using customization like - // custom AMI, set max pods per node or `eks-managed` for using prebuilt AMIs from - // Amazon via the `ami.type` field. It is recommended to use `self-managed`. - Type SpecKubernetesNodePoolType `json:"type" yaml:"type" mapstructure:"type"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionCustomPatchesConfigMapGeneratorResource) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecDistributionCustomPatchesConfigMapGeneratorResource: required") + } + type Plain SpecDistributionCustomPatchesConfigMapGeneratorResource + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionCustomPatchesConfigMapGeneratorResource(plain) + return nil } // UnmarshalJSON implements json.Unmarshaler. 
@@ -3918,6 +3987,87 @@ func (j *SpecKubernetesNodePool) UnmarshalJSON(b []byte) error { return nil } +type SpecKubernetesNodePoolsCommonMetadataHttpEndpoint string + +var enumValues_SpecKubernetesNodePoolsCommonMetadataHttpEndpoint = []interface{}{ + "enabled", + "disabled", +} + +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecKubernetesNodePoolsCommonMetadataHttpEndpoint) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_SpecKubernetesNodePoolsCommonMetadataHttpEndpoint { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolsCommonMetadataHttpEndpoint, v) + } + *j = SpecKubernetesNodePoolsCommonMetadataHttpEndpoint(v) + return nil +} + +const ( + SpecKubernetesNodePoolsCommonMetadataHttpEndpointEnabled SpecKubernetesNodePoolsCommonMetadataHttpEndpoint = "enabled" + SpecKubernetesNodePoolsCommonMetadataHttpEndpointDisabled SpecKubernetesNodePoolsCommonMetadataHttpEndpoint = "disabled" +) + +type SpecKubernetesNodePoolsCommonMetadataHttpTokens string + +var enumValues_SpecKubernetesNodePoolsCommonMetadataHttpTokens = []interface{}{ + "optional", + "required", +} + +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecKubernetesNodePoolsCommonMetadataHttpTokens) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_SpecKubernetesNodePoolsCommonMetadataHttpTokens { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolsCommonMetadataHttpTokens, v) + } + *j = SpecKubernetesNodePoolsCommonMetadataHttpTokens(v) + return nil +} + +const ( + SpecKubernetesNodePoolsCommonMetadataHttpTokensOptional SpecKubernetesNodePoolsCommonMetadataHttpTokens = "optional" + SpecKubernetesNodePoolsCommonMetadataHttpTokensRequired SpecKubernetesNodePoolsCommonMetadataHttpTokens = "required" +) + +// All the common self-managed node pool definitions. Currently supports only the +// IMDS properties. +type SpecKubernetesNodePoolsCommon struct { + // Specifies whether the instance metadata service (IMDS) is enabled or disabled. + // When set to 'disabled', instance metadata is not accessible. + MetadataHttpEndpoint *SpecKubernetesNodePoolsCommonMetadataHttpEndpoint `json:"metadataHttpEndpoint,omitempty" yaml:"metadataHttpEndpoint,omitempty" mapstructure:"metadataHttpEndpoint,omitempty"` + + // Specifies the maximum number of network hops allowed for instance metadata PUT + // response packets. This helps control access to instance metadata across + // different network layers. + MetadataHttpPutResponseHopLimit *int `json:"metadataHttpPutResponseHopLimit,omitempty" yaml:"metadataHttpPutResponseHopLimit,omitempty" mapstructure:"metadataHttpPutResponseHopLimit,omitempty"` + + // Defines whether the use of IMDS session tokens is required. When set to + // 'required', all metadata requests must include a valid session token. 
+ MetadataHttpTokens *SpecKubernetesNodePoolsCommonMetadataHttpTokens `json:"metadataHttpTokens,omitempty" yaml:"metadataHttpTokens,omitempty" mapstructure:"metadataHttpTokens,omitempty"` +} + type SpecKubernetesNodePoolsLaunchKind string var enumValues_SpecKubernetesNodePoolsLaunchKind = []interface{}{ 
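Review bot: `MetadataHttpPutResponseHopLimit` is added as a bare `*int` with no range check, while the two string settings beside it each get an enum-validating `UnmarshalJSON`, so zero, negative or very large values pass decoding at this layer. EC2 accepts 1 to 64 for this setting, and on a Kubernetes node a higher limit can let more workloads reach the instance metadata service and the node role credentials, so the range should be stated and enforced. This file reads like generator output from the JSON schema, so the bound presumably belongs in the schema (`"minimum": 1, "maximum": 64`); `Metadata.UnmarshalJSON` later in this diff suggests schema constraints are turned into checks, though whether integer bounds are emitted the same way is not visible here. At minimum I would extend the field comment with `// Valid range is 1-64. Keep this as low as the workloads allow and pair it with metadataHttpTokens: required.`, and note on `MetadataHttpTokens` that `optional` leaves IMDSv1 requests accepted. The same struct is added without these notes in the `public/schema.go` hunk further down.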
@@ -3952,60 +4102,7 @@ const ( SpecKubernetesNodePoolsLaunchKindBoth SpecKubernetesNodePoolsLaunchKind = "both" ) -// Defines the Kubernetes components configuration and the values needed for the -// `kubernetes` phase of furyctl. -type SpecKubernetes struct { - // ApiServer corresponds to the JSON schema field "apiServer". - ApiServer SpecKubernetesAPIServer `json:"apiServer" yaml:"apiServer" mapstructure:"apiServer"` - - // AwsAuth corresponds to the JSON schema field "awsAuth". - AwsAuth *SpecKubernetesAwsAuth `json:"awsAuth,omitempty" yaml:"awsAuth,omitempty" mapstructure:"awsAuth,omitempty"` - - // Overrides the default prefix for the IAM role name of the EKS cluster. If not - // set, a name will be generated from the cluster name. - ClusterIAMRoleNamePrefixOverride *TypesAwsIamRoleNamePrefix `json:"clusterIAMRoleNamePrefixOverride,omitempty" yaml:"clusterIAMRoleNamePrefixOverride,omitempty" mapstructure:"clusterIAMRoleNamePrefixOverride,omitempty"` - - // Optional Kubernetes Cluster log retention in CloudWatch, expressed in days. - // Setting the value to zero (`0`) makes retention last forever. Default is `90` - // days. - LogRetentionDays *SpecKubernetesLogRetentionDays `json:"logRetentionDays,omitempty" yaml:"logRetentionDays,omitempty" mapstructure:"logRetentionDays,omitempty"` - - // Optional list of Kubernetes Cluster log types to enable. Defaults to all types. - LogsTypes []SpecKubernetesLogsTypesElem `json:"logsTypes,omitempty" yaml:"logsTypes,omitempty" mapstructure:"logsTypes,omitempty"` - - // The SSH public key that can connect to the nodes via SSH using the `ec2-user` - // user. Example: the contents of your `~/.ssh/id_ras.pub` file. - NodeAllowedSshPublicKey interface{} `json:"nodeAllowedSshPublicKey" yaml:"nodeAllowedSshPublicKey" mapstructure:"nodeAllowedSshPublicKey"` - - // Global default AMI type used for EKS worker nodes. This will apply to all node - // pools unless overridden by a specific node pool. 
- NodePoolGlobalAmiType SpecKubernetesNodePoolGlobalAmiType `json:"nodePoolGlobalAmiType" yaml:"nodePoolGlobalAmiType" mapstructure:"nodePoolGlobalAmiType"` - - // NodePools corresponds to the JSON schema field "nodePools". - NodePools []SpecKubernetesNodePool `json:"nodePools" yaml:"nodePools" mapstructure:"nodePools"` - - // Accepted values are `launch_configurations`, `launch_templates` or `both`. For - // new clusters use `launch_templates`, for adopting an existing cluster you'll - // need to migrate from `launch_configurations` to `launch_templates` using `both` - // as interim. - NodePoolsLaunchKind SpecKubernetesNodePoolsLaunchKind `json:"nodePoolsLaunchKind" yaml:"nodePoolsLaunchKind" mapstructure:"nodePoolsLaunchKind"` - - // This value defines the network CIDR that will be used to assign IP addresses to - // Kubernetes services. - ServiceIpV4Cidr *TypesCidr `json:"serviceIpV4Cidr,omitempty" yaml:"serviceIpV4Cidr,omitempty" mapstructure:"serviceIpV4Cidr,omitempty"` - - // Required only if `.spec.infrastructure.vpc` is omitted. This value defines the - // ID of the subnet where the EKS cluster will be created. - SubnetIds []TypesAwsSubnetId `json:"subnetIds,omitempty" yaml:"subnetIds,omitempty" mapstructure:"subnetIds,omitempty"` - - // Required only if `.spec.infrastructure.vpc` is omitted. This value defines the - // ID of the VPC where the EKS cluster and its related resources will be created. - VpcId *TypesAwsVpcId `json:"vpcId,omitempty" yaml:"vpcId,omitempty" mapstructure:"vpcId,omitempty"` - - // Overrides the default prefix for the IAM role name of the EKS workers. If not - // set, a name will be generated from the cluster name. - WorkersIAMRoleNamePrefixOverride *TypesAwsIamRoleNamePrefix `json:"workersIAMRoleNamePrefixOverride,omitempty" yaml:"workersIAMRoleNamePrefixOverride,omitempty" mapstructure:"workersIAMRoleNamePrefixOverride,omitempty"` -} +type TypesKubeLabels map[string]string // UnmarshalJSON implements json.Unmarshaler. 
func (j *SpecKubernetes) UnmarshalJSON(b []byte) error { 
@@ -4235,34 +4332,24 @@ func (j *SpecToolsConfiguration) UnmarshalJSON(b []byte) error { return nil } -type Spec struct { - // Distribution corresponds to the JSON schema field "distribution". - Distribution SpecDistribution `json:"distribution" yaml:"distribution" mapstructure:"distribution"` - - // Defines which KFD version will be installed and, in consequence, the Kubernetes - // version used to create the cluster. It supports git tags and branches. Example: - // `v1.30.1`. - DistributionVersion string `json:"distributionVersion" yaml:"distributionVersion" mapstructure:"distributionVersion"` - - // Infrastructure corresponds to the JSON schema field "infrastructure". - Infrastructure *SpecInfrastructure `json:"infrastructure,omitempty" yaml:"infrastructure,omitempty" mapstructure:"infrastructure,omitempty"` - - // Kubernetes corresponds to the JSON schema field "kubernetes". - Kubernetes SpecKubernetes `json:"kubernetes" yaml:"kubernetes" mapstructure:"kubernetes"` - - // Plugins corresponds to the JSON schema field "plugins". - Plugins *SpecPlugins `json:"plugins,omitempty" yaml:"plugins,omitempty" mapstructure:"plugins,omitempty"` - - // Defines in which AWS region the cluster and all the related resources will be - // created. - Region TypesAwsRegion `json:"region" yaml:"region" mapstructure:"region"` - - // This map defines which will be the common tags that will be added to all the - // resources created on AWS. - Tags TypesAwsTags `json:"tags,omitempty" yaml:"tags,omitempty" mapstructure:"tags,omitempty"` - - // Configuration for tools used by furyctl, like Terraform. - ToolsConfiguration SpecToolsConfiguration `json:"toolsConfiguration" yaml:"toolsConfiguration" mapstructure:"toolsConfiguration"` +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior, v) + } + *j = SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior(v) + return nil } // UnmarshalJSON implements json.Unmarshaler. 
@@ -4298,99 +4385,103 @@ func (j *Spec) UnmarshalJSON(b []byte) error { return nil } -type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyGatekeeperPolicyManagerElem map[string]interface{} - -type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyHubbleUiElem map[string]interface{} - -type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyIngressNgnixForecastleElem map[string]interface{} - -type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyLoggingMinioConsoleElem map[string]interface{} - -type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyLoggingOpensearchDashboardsElem map[string]interface{} - -type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringAlertmanagerElem map[string]interface{} - -type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringGrafanaElem map[string]interface{} - -type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringMinioConsoleElem map[string]interface{} - -type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringPrometheusElem map[string]interface{} - -type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyTracingMinioConsoleElem map[string]interface{} - -// override default routes for KFD components -type SpecDistributionModulesAuthPomeriumDefaultRoutesPolicy struct { - // GatekeeperPolicyManager corresponds to the JSON schema field - // "gatekeeperPolicyManager". - GatekeeperPolicyManager []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyGatekeeperPolicyManagerElem `json:"gatekeeperPolicyManager,omitempty" yaml:"gatekeeperPolicyManager,omitempty" mapstructure:"gatekeeperPolicyManager,omitempty"` - - // HubbleUi corresponds to the JSON schema field "hubbleUi". - HubbleUi []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyHubbleUiElem `json:"hubbleUi,omitempty" yaml:"hubbleUi,omitempty" mapstructure:"hubbleUi,omitempty"` - - // IngressNgnixForecastle corresponds to the JSON schema field - // "ingressNgnixForecastle". 
- IngressNgnixForecastle []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyIngressNgnixForecastleElem `json:"ingressNgnixForecastle,omitempty" yaml:"ingressNgnixForecastle,omitempty" mapstructure:"ingressNgnixForecastle,omitempty"` +var enumValues_SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior = []interface{}{ + "create", + "replace", + "merge", +} - // LoggingMinioConsole corresponds to the JSON schema field "loggingMinioConsole". - LoggingMinioConsole []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyLoggingMinioConsoleElem `json:"loggingMinioConsole,omitempty" yaml:"loggingMinioConsole,omitempty" mapstructure:"loggingMinioConsole,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *TypesKubeToleration) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["effect"]; !ok || v == nil { + return fmt.Errorf("field effect in TypesKubeToleration: required") + } + if v, ok := raw["key"]; !ok || v == nil { + return fmt.Errorf("field key in TypesKubeToleration: required") + } + type Plain TypesKubeToleration + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = TypesKubeToleration(plain) + return nil +} - // LoggingOpensearchDashboards corresponds to the JSON schema field - // "loggingOpensearchDashboards". - LoggingOpensearchDashboards []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyLoggingOpensearchDashboardsElem `json:"loggingOpensearchDashboards,omitempty" yaml:"loggingOpensearchDashboards,omitempty" mapstructure:"loggingOpensearchDashboards,omitempty"` +type TypesKubeToleration struct { + // Effect corresponds to the JSON schema field "effect". + Effect TypesKubeTolerationEffect `json:"effect" yaml:"effect" mapstructure:"effect"` - // MonitoringAlertmanager corresponds to the JSON schema field - // "monitoringAlertmanager". 
- MonitoringAlertmanager []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringAlertmanagerElem `json:"monitoringAlertmanager,omitempty" yaml:"monitoringAlertmanager,omitempty" mapstructure:"monitoringAlertmanager,omitempty"` + // The key of the toleration + Key string `json:"key" yaml:"key" mapstructure:"key"` - // MonitoringGrafana corresponds to the JSON schema field "monitoringGrafana". - MonitoringGrafana []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringGrafanaElem `json:"monitoringGrafana,omitempty" yaml:"monitoringGrafana,omitempty" mapstructure:"monitoringGrafana,omitempty"` + // Operator corresponds to the JSON schema field "operator". + Operator *TypesKubeTolerationOperator `json:"operator,omitempty" yaml:"operator,omitempty" mapstructure:"operator,omitempty"` - // MonitoringMinioConsole corresponds to the JSON schema field - // "monitoringMinioConsole". - MonitoringMinioConsole []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringMinioConsoleElem `json:"monitoringMinioConsole,omitempty" yaml:"monitoringMinioConsole,omitempty" mapstructure:"monitoringMinioConsole,omitempty"` + // The value of the toleration + Value *string `json:"value,omitempty" yaml:"value,omitempty" mapstructure:"value,omitempty"` +} - // MonitoringPrometheus corresponds to the JSON schema field - // "monitoringPrometheus". - MonitoringPrometheus []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyMonitoringPrometheusElem `json:"monitoringPrometheus,omitempty" yaml:"monitoringPrometheus,omitempty" mapstructure:"monitoringPrometheus,omitempty"` +const ( + TypesKubeTolerationOperatorEqual TypesKubeTolerationOperator = "Equal" + TypesKubeTolerationOperatorExists TypesKubeTolerationOperator = "Exists" +) - // TracingMinioConsole corresponds to the JSON schema field "tracingMinioConsole". 
- TracingMinioConsole []SpecDistributionModulesAuthPomeriumDefaultRoutesPolicyTracingMinioConsoleElem `json:"tracingMinioConsole,omitempty" yaml:"tracingMinioConsole,omitempty" mapstructure:"tracingMinioConsole,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *TypesKubeTolerationOperator) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_TypesKubeTolerationOperator { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesKubeTolerationOperator, v) + } + *j = TypesKubeTolerationOperator(v) + return nil } -// Pomerium needs some user-provided secrets to be fully configured. These secrets -// should be unique between clusters. -type SpecDistributionModulesAuthPomeriumSecrets struct { - // Cookie Secret is the secret used to encrypt and sign session cookies. - // - // To generate a random key, run the following command: `head -c32 /dev/urandom | - // base64` - COOKIESECRET string `json:"COOKIE_SECRET" yaml:"COOKIE_SECRET" mapstructure:"COOKIE_SECRET"` +var enumValues_TypesKubeTolerationOperator = []interface{}{ + "Exists", + "Equal", +} - // Identity Provider Client Secret is the OAuth 2.0 Secret Identifier. When auth - // type is SSO, this value will be the secret used to authenticate Pomerium with - // Dex, **use a strong random value**. - IDPCLIENTSECRET string `json:"IDP_CLIENT_SECRET" yaml:"IDP_CLIENT_SECRET" mapstructure:"IDP_CLIENT_SECRET"` +type TypesKubeTolerationOperator string - // Shared Secret is the base64-encoded, 256-bit key used to mutually authenticate - // requests between Pomerium services. It's critical that secret keys are random, - // and stored safely. 
- // - // To generate a key, run the following command: `head -c32 /dev/urandom | base64` - SHAREDSECRET string `json:"SHARED_SECRET" yaml:"SHARED_SECRET" mapstructure:"SHARED_SECRET"` +const ( + TypesKubeTolerationEffectNoExecute TypesKubeTolerationEffect = "NoExecute" + TypesKubeTolerationEffectPreferNoSchedule TypesKubeTolerationEffect = "PreferNoSchedule" + TypesKubeTolerationEffectNoSchedule TypesKubeTolerationEffect = "NoSchedule" +) - // Signing Key is the base64 representation of one or more PEM-encoded private - // keys used to sign a user's attestation JWT, which can be consumed by upstream - // applications to pass along identifying user information like username, id, and - // groups. - // - // To generates an P-256 (ES256) signing key: - // - // ```bash - // openssl ecparam -genkey -name prime256v1 -noout -out ec_private.pem - // # careful! this will output your private key in terminal - // cat ec_private.pem | base64 - // ``` - SIGNINGKEY string `json:"SIGNING_KEY" yaml:"SIGNING_KEY" mapstructure:"SIGNING_KEY"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *TypesKubeTolerationEffect) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_TypesKubeTolerationEffect { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesKubeTolerationEffect, v) + } + *j = TypesKubeTolerationEffect(v) + return nil } // UnmarshalJSON implements json.Unmarshaler. 
@@ -4534,27 +4625,14 @@ type TypesFuryModuleComponentOverrides_1 struct { Tolerations []TypesKubeToleration_1 `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` } -type SpecDistributionModulesAuthPomeriumRoutesElem map[string]interface{} - -// Configuration for Pomerium, an identity-aware reverse proxy used for SSO. -type SpecDistributionModulesAuthPomerium_2 struct { - // DefaultRoutesPolicy corresponds to the JSON schema field "defaultRoutesPolicy". - DefaultRoutesPolicy *SpecDistributionModulesAuthPomeriumDefaultRoutesPolicy `json:"defaultRoutesPolicy,omitempty" yaml:"defaultRoutesPolicy,omitempty" mapstructure:"defaultRoutesPolicy,omitempty"` - - // Overrides corresponds to the JSON schema field "overrides". - Overrides *TypesFuryModuleComponentOverrides_1 `json:"overrides,omitempty" yaml:"overrides,omitempty" mapstructure:"overrides,omitempty"` - - // DEPRECATED: Use defaultRoutesPolicy and/or routes - Policy *string `json:"policy,omitempty" yaml:"policy,omitempty" mapstructure:"policy,omitempty"` - - // Additional routes configuration for Pomerium. Follows Pomerium's route format: - // https://www.pomerium.com/docs/reference/routes - Routes []SpecDistributionModulesAuthPomeriumRoutesElem `json:"routes,omitempty" yaml:"routes,omitempty" mapstructure:"routes,omitempty"` - - // Secrets corresponds to the JSON schema field "secrets". - Secrets SpecDistributionModulesAuthPomeriumSecrets `json:"secrets" yaml:"secrets" mapstructure:"secrets"` +var enumValues_TypesKubeTolerationEffect = []interface{}{ + "NoSchedule", + "PreferNoSchedule", + "NoExecute", } +type TypesKubeTolerationEffect string + // UnmarshalJSON implements json.Unmarshaler. func (j *SpecDistributionModulesAuthPomerium_2) UnmarshalJSON(b []byte) error { var raw map[string]interface{} 
@@ -4587,7 +4665,23 @@ type TypesSshPubKey string type TypesUri string -type EksclusterKfdV1Alpha2Kind string +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionCommonProvider) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecDistributionCommonProvider: required") + } + type Plain SpecDistributionCommonProvider + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionCommonProvider(plain) + return nil +} var enumValues_EksclusterKfdV1Alpha2Kind = []interface{}{ "EKSCluster", 
@@ -4613,21 +4707,30 @@ func (j *EksclusterKfdV1Alpha2Kind) UnmarshalJSON(b []byte) error { return nil } -const EksclusterKfdV1Alpha2KindEKSCluster EksclusterKfdV1Alpha2Kind = "EKSCluster" - -// A KFD Cluster deployed on top of AWS's Elastic Kubernetes Service (EKS). -type EksclusterKfdV1Alpha2 struct { - // ApiVersion corresponds to the JSON schema field "apiVersion". - ApiVersion string `json:"apiVersion" yaml:"apiVersion" mapstructure:"apiVersion"` - - // Kind corresponds to the JSON schema field "kind". - Kind EksclusterKfdV1Alpha2Kind `json:"kind" yaml:"kind" mapstructure:"kind"` - - // Metadata corresponds to the JSON schema field "metadata". - Metadata Metadata `json:"metadata" yaml:"metadata" mapstructure:"metadata"` +type TypesKubeNodeSelector map[string]string - // Spec corresponds to the JSON schema field "spec". - Spec Spec `json:"spec" yaml:"spec" mapstructure:"spec"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *Metadata) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in Metadata: required") + } + type Plain Metadata + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + if len(plain.Name) < 1 { + return fmt.Errorf("field %s length: must be >= %d", "name", 1) + } + if len(plain.Name) > 56 { + return fmt.Errorf("field %s length: must be <= %d", "name", 56) + } + *j = Metadata(plain) + return nil } // UnmarshalJSON implements json.Unmarshaler. diff --git a/pkg/apis/ekscluster/v1alpha2/public/schema.go b/pkg/apis/ekscluster/v1alpha2/public/schema.go index 434a9332..54202c29 100644 --- a/pkg/apis/ekscluster/v1alpha2/public/schema.go +++ b/pkg/apis/ekscluster/v1alpha2/public/schema.go 
@@ -1583,6 +1583,9 @@ type SpecKubernetes struct { // NodePools corresponds to the JSON schema field "nodePools". NodePools []SpecKubernetesNodePool `json:"nodePools" yaml:"nodePools" mapstructure:"nodePools"` + // NodePoolsCommon corresponds to the JSON schema field "nodePoolsCommon". + NodePoolsCommon *SpecKubernetesNodePoolsCommon `json:"nodePoolsCommon,omitempty" yaml:"nodePoolsCommon,omitempty" mapstructure:"nodePoolsCommon,omitempty"` + // Accepted values are `launch_configurations`, `launch_templates` or `both`. For // new clusters use `launch_templates`, for adopting an existing cluster you'll // need to migrate from `launch_configurations` to `launch_templates` using `both` 
@@ -1916,6 +1919,37 @@ const ( SpecKubernetesNodePoolTypeSelfManaged SpecKubernetesNodePoolType = "self-managed" ) +// All the common self-managed node pool definitions. Currently supports only the +// IMDS properties. +type SpecKubernetesNodePoolsCommon struct { + // Specifies whether the instance metadata service (IMDS) is enabled or disabled. + // When set to 'disabled', instance metadata is not accessible. + MetadataHttpEndpoint *SpecKubernetesNodePoolsCommonMetadataHttpEndpoint `json:"metadataHttpEndpoint,omitempty" yaml:"metadataHttpEndpoint,omitempty" mapstructure:"metadataHttpEndpoint,omitempty"` + + // Specifies the maximum number of network hops allowed for instance metadata PUT + // response packets. This helps control access to instance metadata across + // different network layers. + MetadataHttpPutResponseHopLimit *int `json:"metadataHttpPutResponseHopLimit,omitempty" yaml:"metadataHttpPutResponseHopLimit,omitempty" mapstructure:"metadataHttpPutResponseHopLimit,omitempty"` + + // Defines whether the use of IMDS session tokens is required. When set to + // 'required', all metadata requests must include a valid session token. 
+ MetadataHttpTokens *SpecKubernetesNodePoolsCommonMetadataHttpTokens `json:"metadataHttpTokens,omitempty" yaml:"metadataHttpTokens,omitempty" mapstructure:"metadataHttpTokens,omitempty"` +} + +type SpecKubernetesNodePoolsCommonMetadataHttpEndpoint string + +const ( + SpecKubernetesNodePoolsCommonMetadataHttpEndpointDisabled SpecKubernetesNodePoolsCommonMetadataHttpEndpoint = "disabled" + SpecKubernetesNodePoolsCommonMetadataHttpEndpointEnabled SpecKubernetesNodePoolsCommonMetadataHttpEndpoint = "enabled" +) + +type SpecKubernetesNodePoolsCommonMetadataHttpTokens string + +const ( + SpecKubernetesNodePoolsCommonMetadataHttpTokensOptional SpecKubernetesNodePoolsCommonMetadataHttpTokens = "optional" + SpecKubernetesNodePoolsCommonMetadataHttpTokensRequired SpecKubernetesNodePoolsCommonMetadataHttpTokens = "required" +) + type SpecKubernetesNodePoolsLaunchKind string const ( 
@@ -2058,918 +2092,764 @@ const ( TypesAwsRegionUsEast1 TypesAwsRegion = "us-east-1" TypesAwsRegionUsEast2 TypesAwsRegion = "us-east-2" TypesAwsRegionUsGovEast1 TypesAwsRegion = "us-gov-east-1" - TypesAwsRegionUsGovWest1 TypesAwsRegion = "us-gov-west-1" - TypesAwsRegionUsWest1 TypesAwsRegion = "us-west-1" - TypesAwsRegionUsWest2 TypesAwsRegion = "us-west-2" ) -type TypesAwsS3BucketName string - -type TypesAwsS3BucketNamePrefix string - -type TypesAwsS3KeyPrefix string - -type TypesAwsSshPubKey string - -type TypesAwsSubnetId string - -type TypesAwsTags map[string]string - -type TypesAwsVpcId string - -type TypesCidr string - -type TypesEnvRef string - -type TypesFileRef string - -type TypesFuryModuleComponentOverrides struct { - // Set to override the node selector used to place the pods of the package. - NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` - - // Set to override the tolerations that will be added to the pods of the package. - Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecKubernetesNodePoolSize) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["max"]; !ok || v == nil { + return fmt.Errorf("field max in SpecKubernetesNodePoolSize: required") + } + if v, ok := raw["min"]; !ok || v == nil { + return fmt.Errorf("field min in SpecKubernetesNodePoolSize: required") + } + type Plain SpecKubernetesNodePoolSize + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecKubernetesNodePoolSize(plain) + return nil } -type TypesFuryModuleComponentOverridesWithIAMRoleName struct { - // IamRoleName corresponds to the JSON schema field "iamRoleName". 
- IamRoleName *TypesAwsIamRoleName `json:"iamRoleName,omitempty" yaml:"iamRoleName,omitempty" mapstructure:"iamRoleName,omitempty"` - - // The node selector to use to place the pods for the load balancer controller - // module. - NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` - - // The tolerations that will be added to the pods for the cluster autoscaler - // module. - Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecInfrastructureVpcNetworkSubnetsCidrs) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["private"]; !ok || v == nil { + return fmt.Errorf("field private in SpecInfrastructureVpcNetworkSubnetsCidrs: required") + } + if v, ok := raw["public"]; !ok || v == nil { + return fmt.Errorf("field public in SpecInfrastructureVpcNetworkSubnetsCidrs: required") + } + type Plain SpecInfrastructureVpcNetworkSubnetsCidrs + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecInfrastructureVpcNetworkSubnetsCidrs(plain) + return nil } -type TypesFuryModuleComponentOverrides_1 struct { - // NodeSelector corresponds to the JSON schema field "nodeSelector". - NodeSelector TypesKubeNodeSelector_1 `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` - - // Tolerations corresponds to the JSON schema field "tolerations". - Tolerations []TypesKubeToleration_1 `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistribution) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["modules"]; !ok || v == nil { + return fmt.Errorf("field modules in SpecDistribution: required") + } + type Plain SpecDistribution + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistribution(plain) + return nil } -// Override the common configuration with a particular configuration for the -// module. -type TypesFuryModuleOverrides struct { - // Ingresses corresponds to the JSON schema field "ingresses". - Ingresses TypesFuryModuleOverridesIngresses `json:"ingresses,omitempty" yaml:"ingresses,omitempty" mapstructure:"ingresses,omitempty"` - - // Set to override the node selector used to place the pods of the module. - NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` - - // Set to override the tolerations that will be added to the pods of the module. - Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecInfrastructureVpcNetwork) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["cidr"]; !ok || v == nil { + return fmt.Errorf("field cidr in SpecInfrastructureVpcNetwork: required") + } + if v, ok := raw["subnetsCidrs"]; !ok || v == nil { + return fmt.Errorf("field subnetsCidrs in SpecInfrastructureVpcNetwork: required") + } + type Plain SpecInfrastructureVpcNetwork + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecInfrastructureVpcNetwork(plain) + return nil } -type TypesFuryModuleOverridesIngress struct { - // If true, the ingress will not have authentication even if - // `.spec.modules.auth.provider.type` is SSO or Basic Auth. - DisableAuth *bool `json:"disableAuth,omitempty" yaml:"disableAuth,omitempty" mapstructure:"disableAuth,omitempty"` - - // Use this host for the ingress instead of the default one. - Host *string `json:"host,omitempty" yaml:"host,omitempty" mapstructure:"host,omitempty"` - - // Use this ingress class for the ingress instead of the default one. - IngressClass *string `json:"ingressClass,omitempty" yaml:"ingressClass,omitempty" mapstructure:"ingressClass,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModules) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["dr"]; !ok || v == nil { + return fmt.Errorf("field dr in SpecDistributionModules: required") + } + if v, ok := raw["ingress"]; !ok || v == nil { + return fmt.Errorf("field ingress in SpecDistributionModules: required") + } + if v, ok := raw["logging"]; !ok || v == nil { + return fmt.Errorf("field logging in SpecDistributionModules: required") + } + if v, ok := raw["policy"]; !ok || v == nil { + return fmt.Errorf("field policy in SpecDistributionModules: required") + } + type Plain SpecDistributionModules + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModules(plain) + return nil } -type TypesFuryModuleOverridesIngresses map[string]TypesFuryModuleOverridesIngress - -type TypesIpAddress string - -type TypesKubeLabels map[string]string - -type TypesKubeLabels_1 map[string]string - -type TypesKubeNodeSelector map[string]string +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecInfrastructureVpc) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["network"]; !ok || v == nil { + return fmt.Errorf("field network in SpecInfrastructureVpc: required") + } + type Plain SpecInfrastructureVpc + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecInfrastructureVpc(plain) + return nil +} -type TypesKubeNodeSelector_1 map[string]string +type TypesAwsS3BucketNamePrefix string -type TypesKubeResources struct { - // Limits corresponds to the JSON schema field "limits". - Limits *TypesKubeResourcesLimits `json:"limits,omitempty" yaml:"limits,omitempty" mapstructure:"limits,omitempty"` +type TypesTcpPort int - // Requests corresponds to the JSON schema field "requests". 
- Requests *TypesKubeResourcesRequests `json:"requests,omitempty" yaml:"requests,omitempty" mapstructure:"requests,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesTracing) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecDistributionModulesTracing: required") + } + type Plain SpecDistributionModulesTracing + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesTracing(plain) + return nil } -type TypesKubeResourcesLimits struct { - // The CPU limit for the Pod. Example: `1000m`. - Cpu *string `json:"cpu,omitempty" yaml:"cpu,omitempty" mapstructure:"cpu,omitempty"` - - // The memory limit for the Pod. Example: `1G`. - Memory *string `json:"memory,omitempty" yaml:"memory,omitempty" mapstructure:"memory,omitempty"` +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecInfrastructureVpnSsh) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["allowedFromCidrs"]; !ok || v == nil { + return fmt.Errorf("field allowedFromCidrs in SpecInfrastructureVpnSsh: required") + } + if v, ok := raw["githubUsersName"]; !ok || v == nil { + return fmt.Errorf("field githubUsersName in SpecInfrastructureVpnSsh: required") + } + type Plain SpecInfrastructureVpnSsh + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + if plain.GithubUsersName != nil && len(plain.GithubUsersName) < 1 { + return fmt.Errorf("field %s length: must be >= %d", "githubUsersName", 1) + } + *j = SpecInfrastructureVpnSsh(plain) + return nil } -type TypesKubeResourcesRequests struct { - // The CPU request for the Pod, in cores. Example: `500m`. 
- Cpu *string `json:"cpu,omitempty" yaml:"cpu,omitempty" mapstructure:"cpu,omitempty"` - - // The memory request for the Pod. Example: `500M`. - Memory *string `json:"memory,omitempty" yaml:"memory,omitempty" mapstructure:"memory,omitempty"` -} - -type TypesKubeTaints []string - -type TypesKubeToleration struct { - // Effect corresponds to the JSON schema field "effect". - Effect TypesKubeTolerationEffect `json:"effect" yaml:"effect" mapstructure:"effect"` - - // The key of the toleration - Key string `json:"key" yaml:"key" mapstructure:"key"` - - // Operator corresponds to the JSON schema field "operator". - Operator *TypesKubeTolerationOperator `json:"operator,omitempty" yaml:"operator,omitempty" mapstructure:"operator,omitempty"` - - // The value of the toleration - Value *string `json:"value,omitempty" yaml:"value,omitempty" mapstructure:"value,omitempty"` -} - -type TypesKubeTolerationEffect string - -const ( - TypesKubeTolerationEffectNoExecute TypesKubeTolerationEffect = "NoExecute" - TypesKubeTolerationEffectNoSchedule TypesKubeTolerationEffect = "NoSchedule" - TypesKubeTolerationEffectPreferNoSchedule TypesKubeTolerationEffect = "PreferNoSchedule" -) - -type TypesKubeTolerationEffect_1 string - -const ( - TypesKubeTolerationEffect_1_NoExecute TypesKubeTolerationEffect_1 = "NoExecute" - TypesKubeTolerationEffect_1_NoSchedule TypesKubeTolerationEffect_1 = "NoSchedule" - TypesKubeTolerationEffect_1_PreferNoSchedule TypesKubeTolerationEffect_1 = "PreferNoSchedule" -) - -type TypesKubeTolerationOperator string - -const ( - TypesKubeTolerationOperatorEqual TypesKubeTolerationOperator = "Equal" - TypesKubeTolerationOperatorExists TypesKubeTolerationOperator = "Exists" -) - -type TypesKubeTolerationOperator_1 string - -const ( - TypesKubeTolerationOperator_1_Equal TypesKubeTolerationOperator_1 = "Equal" - TypesKubeTolerationOperator_1_Exists TypesKubeTolerationOperator_1 = "Exists" -) - -type TypesKubeToleration_1 struct { - // Effect corresponds to the JSON 
schema field "effect". - Effect TypesKubeTolerationEffect_1 `json:"effect" yaml:"effect" mapstructure:"effect"` - - // Key corresponds to the JSON schema field "key". - Key string `json:"key" yaml:"key" mapstructure:"key"` - - // Operator corresponds to the JSON schema field "operator". - Operator *TypesKubeTolerationOperator_1 `json:"operator,omitempty" yaml:"operator,omitempty" mapstructure:"operator,omitempty"` - - // Value corresponds to the JSON schema field "value". - Value string `json:"value" yaml:"value" mapstructure:"value"` -} - -type TypesSemVer string - -type TypesSshPubKey string - -type TypesTcpPort int - -type TypesUri string - -var enumValues_EksclusterKfdV1Alpha2Kind = []interface{}{ - "EKSCluster", -} - -var enumValues_SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior = []interface{}{ - "create", - "replace", - "merge", -} - -var enumValues_SpecDistributionCustomPatchesSecretGeneratorResourceBehavior = []interface{}{ - "create", - "replace", - "merge", -} - -var enumValues_SpecDistributionModulesAuthProviderType = []interface{}{ - "none", - "basicAuth", - "sso", -} - -var enumValues_SpecDistributionModulesDrType = []interface{}{ - "none", - "eks", -} - -var enumValues_SpecDistributionModulesIngressCertManagerClusterIssuerType = []interface{}{ - "dns01", - "http01", -} - -var enumValues_SpecDistributionModulesIngressNginxTLSProvider = []interface{}{ - "certManager", - "secret", - "none", -} - -var enumValues_SpecDistributionModulesIngressNginxType = []interface{}{ - "none", - "single", - "dual", -} - -var enumValues_SpecDistributionModulesLoggingLokiBackend = []interface{}{ - "minio", - "externalEndpoint", -} - -var enumValues_SpecDistributionModulesLoggingOpensearchType = []interface{}{ - "single", - "triple", -} - -var enumValues_SpecDistributionModulesLoggingType = []interface{}{ - "none", - "opensearch", - "loki", - "customOutputs", -} - -var enumValues_SpecDistributionModulesMonitoringMimirBackend = []interface{}{ - "minio", - 
"externalEndpoint", -} - -var enumValues_SpecDistributionModulesMonitoringType = []interface{}{ - "none", - "prometheus", - "prometheusAgent", - "mimir", -} - -var enumValues_SpecDistributionModulesPolicyGatekeeperEnforcementAction = []interface{}{ - "deny", - "dryrun", - "warn", -} - -var enumValues_SpecDistributionModulesPolicyKyvernoValidationFailureAction = []interface{}{ - "Audit", - "Enforce", -} - -var enumValues_SpecDistributionModulesPolicyType = []interface{}{ - "none", - "gatekeeper", - "kyverno", -} - -var enumValues_SpecDistributionModulesTracingTempoBackend = []interface{}{ - "minio", - "externalEndpoint", -} - -var enumValues_SpecDistributionModulesTracingType = []interface{}{ - "none", - "tempo", -} - -var enumValues_SpecKubernetesLogRetentionDays = []interface{}{ - 0, - 1, - 3, - 5, - 7, - 14, - 30, - 60, - 90, - 120, - 150, - 180, - 365, - 400, - 545, - 731, - 1096, - 1827, - 2192, - 2557, - 2922, - 3288, - 3653, -} - -var enumValues_SpecKubernetesLogsTypesElem = []interface{}{ - "api", - "audit", - "authenticator", - "controllerManager", - "scheduler", -} - -var enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType = []interface{}{ - "ingress", - "egress", -} - -var enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSelfType = []interface{}{ - "ingress", - "egress", -} - -var enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType = []interface{}{ - "ingress", - "egress", -} - -var enumValues_SpecKubernetesNodePoolAmiType = []interface{}{ - "alinux2", - "alinux2023", -} - -var enumValues_SpecKubernetesNodePoolContainerRuntime = []interface{}{ - "docker", - "containerd", -} - -var enumValues_SpecKubernetesNodePoolGlobalAmiType = []interface{}{ - "alinux2", - "alinux2023", -} +type TypesAwsVpcId string -var enumValues_SpecKubernetesNodePoolInstanceVolumeType = []interface{}{ - "gp2", - "gp3", - "io1", - "standard", +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesTracingType) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_SpecDistributionModulesTracingType { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesTracingType, v) + } + *j = SpecDistributionModulesTracingType(v) + return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionCustomPatchesConfigMapGeneratorResource) UnmarshalJSON(b []byte) error { +func (j *SpecInfrastructureVpn) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecDistributionCustomPatchesConfigMapGeneratorResource: required") + if v, ok := raw["ssh"]; !ok || v == nil { + return fmt.Errorf("field ssh in SpecInfrastructureVpn: required") } - type Plain SpecDistributionCustomPatchesConfigMapGeneratorResource + if v, ok := raw["vpnClientsSubnetCidr"]; !ok || v == nil { + return fmt.Errorf("field vpnClientsSubnetCidr in SpecInfrastructureVpn: required") + } + type Plain SpecInfrastructureVpn var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionCustomPatchesConfigMapGeneratorResource(plain) + *j = SpecInfrastructureVpn(plain) return nil } +var enumValues_SpecDistributionModulesTracingType = []interface{}{ + "none", + "tempo", +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressCertManagerClusterIssuerType) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesTracingTempoBackend) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesIngressCertManagerClusterIssuerType { + for _, expected := range enumValues_SpecDistributionModulesTracingTempoBackend { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesIngressCertManagerClusterIssuerType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesTracingTempoBackend, v) } - *j = SpecDistributionModulesIngressCertManagerClusterIssuerType(v) + *j = SpecDistributionModulesTracingTempoBackend(v) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesDr) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesAPIServer) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesDr: required") + if v, ok := raw["privateAccess"]; !ok || v == nil { + return fmt.Errorf("field privateAccess in SpecKubernetesAPIServer: required") } - type Plain SpecDistributionModulesDr + if v, ok := raw["publicAccess"]; !ok || v == nil { + return fmt.Errorf("field publicAccess in SpecKubernetesAPIServer: required") + } + type Plain SpecKubernetesAPIServer var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesDr(plain) + *j = SpecKubernetesAPIServer(plain) return nil } +var enumValues_SpecDistributionModulesTracingTempoBackend = []interface{}{ + "minio", + "externalEndpoint", +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesDrVelero) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesPolicy) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["eks"]; !ok || v == nil { - return fmt.Errorf("field eks in SpecDistributionModulesDrVelero: required") + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecDistributionModulesPolicy: required") } - type Plain SpecDistributionModulesDrVelero + type Plain SpecDistributionModulesPolicy var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesDrVelero(plain) + *j = SpecDistributionModulesPolicy(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesDrVeleroEks) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesAwsAuthRole) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["bucketName"]; !ok || v == nil { - return fmt.Errorf("field bucketName in SpecDistributionModulesDrVeleroEks: required") - } - if v, ok := raw["region"]; !ok || v == nil { - return fmt.Errorf("field region in SpecDistributionModulesDrVeleroEks: required") + if v, ok := raw["groups"]; !ok || v == nil { + return fmt.Errorf("field groups in SpecKubernetesAwsAuthRole: required") } - type Plain SpecDistributionModulesDrVeleroEks - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err + if v, ok := raw["rolearn"]; !ok || v == nil { + return fmt.Errorf("field rolearn in SpecKubernetesAwsAuthRole: required") } - *j = SpecDistributionModulesDrVeleroEks(plain) - return nil -} - -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecKubernetesNodePoolAdditionalFirewallRules) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err + if v, ok := raw["username"]; !ok || v == nil { + return fmt.Errorf("field username in SpecKubernetesAwsAuthRole: required") } - type Plain SpecKubernetesNodePoolAdditionalFirewallRules + type Plain SpecKubernetesAwsAuthRole var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - if plain.CidrBlocks != nil && len(plain.CidrBlocks) < 1 { - return fmt.Errorf("field %s length: must be >= %d", "cidrBlocks", 1) - } - if plain.Self != nil && len(plain.Self) < 1 { - return fmt.Errorf("field %s length: must be >= %d", "self", 1) - } - if plain.SourceSecurityGroupId != nil && len(plain.SourceSecurityGroupId) < 1 { - return fmt.Errorf("field %s length: must be >= %d", "sourceSecurityGroupId", 1) - } - *j = SpecKubernetesNodePoolAdditionalFirewallRules(plain) + *j = SpecKubernetesAwsAuthRole(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecKubernetesNodePoolContainerRuntime) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesPolicyType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecKubernetesNodePoolContainerRuntime { + for _, expected := range enumValues_SpecDistributionModulesPolicyType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolContainerRuntime, v) - } - *j = SpecKubernetesNodePoolContainerRuntime(v) - return nil -} - -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressCertManagerClusterIssuer) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["email"]; !ok || v == nil { - return fmt.Errorf("field email in SpecDistributionModulesIngressCertManagerClusterIssuer: required") - } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecDistributionModulesIngressCertManagerClusterIssuer: required") - } - type Plain SpecDistributionModulesIngressCertManagerClusterIssuer - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesPolicyType, v) } - *j = SpecDistributionModulesIngressCertManagerClusterIssuer(plain) + *j = SpecDistributionModulesPolicyType(v) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesAwsAuthUser) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId: required") - } - if v, ok := raw["ports"]; !ok || v == nil { - return fmt.Errorf("field ports in SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId: required") - } - if v, ok := raw["protocol"]; !ok || v == nil { - return fmt.Errorf("field protocol in SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId: required") + if v, ok := raw["groups"]; !ok || v == nil { + return fmt.Errorf("field groups in SpecKubernetesAwsAuthUser: required") } - if v, ok := raw["sourceSecurityGroupId"]; !ok || v == nil { - return fmt.Errorf("field sourceSecurityGroupId in 
SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId: required") + if v, ok := raw["userarn"]; !ok || v == nil { + return fmt.Errorf("field userarn in SpecKubernetesAwsAuthUser: required") } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId: required") + if v, ok := raw["username"]; !ok || v == nil { + return fmt.Errorf("field username in SpecKubernetesAwsAuthUser: required") } - type Plain SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId + type Plain SpecKubernetesAwsAuthUser var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId(plain) + *j = SpecKubernetesAwsAuthUser(plain) return nil } +var enumValues_SpecDistributionModulesPolicyType = []interface{}{ + "none", + "gatekeeper", + "kyverno", +} + // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesIngressCertManager) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesPolicyKyverno) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["clusterIssuer"]; !ok || v == nil { - return fmt.Errorf("field clusterIssuer in SpecDistributionModulesIngressCertManager: required") + if v, ok := raw["installDefaultPolicies"]; !ok || v == nil { + return fmt.Errorf("field installDefaultPolicies in SpecDistributionModulesPolicyKyverno: required") } - type Plain SpecDistributionModulesIngressCertManager + if v, ok := raw["validationFailureAction"]; !ok || v == nil { + return fmt.Errorf("field validationFailureAction in SpecDistributionModulesPolicyKyverno: required") + } + type Plain SpecDistributionModulesPolicyKyverno var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesIngressCertManager(plain) + *j = 
SpecDistributionModulesPolicyKyverno(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesTracingType) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesPolicyKyvernoValidationFailureAction) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesTracingType { + for _, expected := range enumValues_SpecDistributionModulesPolicyKyvernoValidationFailureAction { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesTracingType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesPolicyKyvernoValidationFailureAction, v) } - *j = SpecDistributionModulesTracingType(v) + *j = SpecDistributionModulesPolicyKyvernoValidationFailureAction(v) return nil } +var enumValues_SpecKubernetesLogRetentionDays = []interface{}{ + 0, + 1, + 3, + 5, + 7, + 14, + 30, + 60, + 90, + 120, + 150, + 180, + 365, + 400, + 545, + 731, + 1096, + 1827, + 2192, + 2557, + 2922, + 3288, + 3653, +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecKubernetesNodePoolInstanceVolumeType) UnmarshalJSON(b []byte) error { - var v string +func (j *SpecKubernetesLogRetentionDays) UnmarshalJSON(b []byte) error { + var v int if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecKubernetesNodePoolInstanceVolumeType { + for _, expected := range enumValues_SpecKubernetesLogRetentionDays { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolInstanceVolumeType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesLogRetentionDays, v) } - *j = SpecKubernetesNodePoolInstanceVolumeType(v) + *j = SpecKubernetesLogRetentionDays(v) return nil } +var enumValues_SpecDistributionModulesPolicyKyvernoValidationFailureAction = []interface{}{ + "Audit", + "Enforce", +} + +var enumValues_SpecKubernetesLogsTypesElem = []interface{}{ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler", +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressDNSPrivate) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { +func (j *SpecKubernetesLogsTypesElem) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { return err } - if v, ok := raw["create"]; !ok || v == nil { - return fmt.Errorf("field create in SpecDistributionModulesIngressDNSPrivate: required") - } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecDistributionModulesIngressDNSPrivate: required") + var ok bool + for _, expected := range enumValues_SpecKubernetesLogsTypesElem { + if reflect.DeepEqual(v, expected) { + ok = true + break + } } - type Plain SpecDistributionModulesIngressDNSPrivate - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesLogsTypesElem, v) } - *j = SpecDistributionModulesIngressDNSPrivate(plain) + *j = SpecKubernetesLogsTypesElem(v) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressDNSPublic) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesPolicyGatekeeper) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["create"]; !ok || v == nil { - return fmt.Errorf("field create in SpecDistributionModulesIngressDNSPublic: required") + if v, ok := raw["enforcementAction"]; !ok || v == nil { + return fmt.Errorf("field enforcementAction in SpecDistributionModulesPolicyGatekeeper: required") } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecDistributionModulesIngressDNSPublic: required") + if v, ok := raw["installDefaultPolicies"]; !ok || v == nil { + return fmt.Errorf("field installDefaultPolicies in SpecDistributionModulesPolicyGatekeeper: required") } - type Plain SpecDistributionModulesIngressDNSPublic + type Plain SpecDistributionModulesPolicyGatekeeper var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesIngressDNSPublic(plain) - return nil -} - -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType, v) - } - *j = SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType(v) + *j = SpecDistributionModulesPolicyGatekeeper(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *TypesAwsRegion) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesPolicyGatekeeperEnforcementAction) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_TypesAwsRegion { + for _, expected := range enumValues_SpecDistributionModulesPolicyGatekeeperEnforcementAction { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesAwsRegion, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesPolicyGatekeeperEnforcementAction, v) } - *j = TypesAwsRegion(v) + *j = SpecDistributionModulesPolicyGatekeeperEnforcementAction(v) return nil } -var enumValues_TypesAwsRegion = []interface{}{ - "af-south-1", - "ap-east-1", - "ap-northeast-1", - "ap-northeast-2", - "ap-northeast-3", - "ap-south-1", - "ap-south-2", - "ap-southeast-1", - "ap-southeast-2", - "ap-southeast-3", - "ap-southeast-4", - "ca-central-1", - "eu-central-1", - "eu-central-2", - "eu-north-1", - "eu-south-1", - "eu-south-2", - "eu-west-1", - "eu-west-2", - "eu-west-3", - "me-central-1", - "me-south-1", - "sa-east-1", - "us-east-1", - "us-east-2", - "us-gov-east-1", - "us-gov-west-1", - "us-west-1", - "us-west-2", +var enumValues_SpecDistributionModulesPolicyGatekeeperEnforcementAction = []interface{}{ + "deny", + "dryrun", + "warn", } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecKubernetesNodePoolInstance) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesMonitoring) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecKubernetesNodePoolInstance: required") + return fmt.Errorf("field type in SpecDistributionModulesMonitoring: required") } - type Plain SpecKubernetesNodePoolInstance + type Plain SpecDistributionModulesMonitoring var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecKubernetesNodePoolInstance(plain) + *j = SpecDistributionModulesMonitoring(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSelf) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { +func (j *SpecDistributionModulesMonitoringType) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { return err } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecKubernetesNodePoolAdditionalFirewallRuleSelf: required") - } - if v, ok := raw["ports"]; !ok || v == nil { - return fmt.Errorf("field ports in SpecKubernetesNodePoolAdditionalFirewallRuleSelf: required") - } - if v, ok := raw["protocol"]; !ok || v == nil { - return fmt.Errorf("field protocol in SpecKubernetesNodePoolAdditionalFirewallRuleSelf: required") - } - if v, ok := raw["self"]; !ok || v == nil { - return fmt.Errorf("field self in SpecKubernetesNodePoolAdditionalFirewallRuleSelf: required") - } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecKubernetesNodePoolAdditionalFirewallRuleSelf: required") + var ok bool + for _, expected := range enumValues_SpecDistributionModulesMonitoringType { + if reflect.DeepEqual(v, expected) { + ok = true + break + } } - type 
Plain SpecKubernetesNodePoolAdditionalFirewallRuleSelf - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesMonitoringType, v) } - *j = SpecKubernetesNodePoolAdditionalFirewallRuleSelf(plain) + *j = SpecDistributionModulesMonitoringType(v) return nil } +var enumValues_SpecDistributionModulesMonitoringType = []interface{}{ + "none", + "prometheus", + "prometheusAgent", + "mimir", +} + +var enumValues_SpecKubernetesNodePoolGlobalAmiType = []interface{}{ + "alinux2", + "alinux2023", +} + // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesIngressNginxTLSProvider) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePoolGlobalAmiType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesIngressNginxTLSProvider { + for _, expected := range enumValues_SpecKubernetesNodePoolGlobalAmiType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesIngressNginxTLSProvider, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolGlobalAmiType, v) } - *j = SpecDistributionModulesIngressNginxTLSProvider(v) + *j = SpecKubernetesNodePoolGlobalAmiType(v) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecKubernetesNodePoolSize) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { +func (j *SpecDistributionModulesMonitoringMimirBackend) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { return err } - if v, ok := raw["max"]; !ok || v == nil { - return fmt.Errorf("field max in SpecKubernetesNodePoolSize: required") - } - if v, ok := raw["min"]; !ok || v == nil { - return fmt.Errorf("field min in SpecKubernetesNodePoolSize: required") + var ok bool + for _, expected := range enumValues_SpecDistributionModulesMonitoringMimirBackend { + if reflect.DeepEqual(v, expected) { + ok = true + break + } } - type Plain SpecKubernetesNodePoolSize - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesMonitoringMimirBackend, v) } - *j = SpecKubernetesNodePoolSize(plain) + *j = SpecDistributionModulesMonitoringMimirBackend(v) return nil } +var enumValues_SpecDistributionModulesMonitoringMimirBackend = []interface{}{ + "minio", + "externalEndpoint", +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressNginxTLSSecret) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesLogging) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["ca"]; !ok || v == nil { - return fmt.Errorf("field ca in SpecDistributionModulesIngressNginxTLSSecret: required") - } - if v, ok := raw["cert"]; !ok || v == nil { - return fmt.Errorf("field cert in SpecDistributionModulesIngressNginxTLSSecret: required") - } - if v, ok := raw["key"]; !ok || v == nil { - return fmt.Errorf("field key in SpecDistributionModulesIngressNginxTLSSecret: required") + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecDistributionModulesLogging: required") } - type Plain SpecDistributionModulesIngressNginxTLSSecret + type Plain SpecDistributionModulesLogging var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesIngressNginxTLSSecret(plain) + *j = SpecDistributionModulesLogging(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesIngressNginxTLS) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePoolAdditionalFirewallRulePorts) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["provider"]; !ok || v == nil { - return fmt.Errorf("field provider in SpecDistributionModulesIngressNginxTLS: required") + if v, ok := raw["from"]; !ok || v == nil { + return fmt.Errorf("field from in SpecKubernetesNodePoolAdditionalFirewallRulePorts: required") } - type Plain SpecDistributionModulesIngressNginxTLS + if v, ok := raw["to"]; !ok || v == nil { + return fmt.Errorf("field to in SpecKubernetesNodePoolAdditionalFirewallRulePorts: required") + } + type Plain SpecKubernetesNodePoolAdditionalFirewallRulePorts var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesIngressNginxTLS(plain) + *j = SpecKubernetesNodePoolAdditionalFirewallRulePorts(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesDrType) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesLoggingType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesDrType { + for _, expected := range enumValues_SpecDistributionModulesLoggingType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesDrType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesLoggingType, v) } - *j = SpecDistributionModulesDrType(v) + *j = SpecDistributionModulesLoggingType(v) return nil } -var enumValues_SpecKubernetesNodePoolType = []interface{}{ - "eks-managed", - "self-managed", +type TypesAwsTags map[string]string + +var enumValues_SpecDistributionModulesLoggingType = []interface{}{ + "none", + "opensearch", + "loki", + "customOutputs", +} + +var enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType = []interface{}{ + "ingress", + "egress", } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecKubernetesNodePoolType) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecKubernetesNodePoolType { + for _, expected := range enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType, v) } - *j = SpecKubernetesNodePoolType(v) + *j = SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType(v) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSelfType) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesLoggingOpensearch) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecDistributionModulesLoggingOpensearch: required") + } + type Plain SpecDistributionModulesLoggingOpensearch + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesLoggingOpensearch(plain) + return nil +} + +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesLoggingOpensearchType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSelfType { + for _, expected := range enumValues_SpecDistributionModulesLoggingOpensearchType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSelfType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesLoggingOpensearchType, v) } - *j = SpecKubernetesNodePoolAdditionalFirewallRuleSelfType(v) + *j = SpecDistributionModulesLoggingOpensearchType(v) return nil } +var enumValues_SpecDistributionModulesLoggingOpensearchType = []interface{}{ + "single", + "triple", +} + // UnmarshalJSON implements json.Unmarshaler. func (j *SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlock) UnmarshalJSON(b []byte) error { var raw map[string]interface{} 
@@ -3004,93 +2884,188 @@ func (j *SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlock) UnmarshalJSON(b } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesIngressNginxType) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesLoggingLoki) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["tsdbStartDate"]; !ok || v == nil { + return fmt.Errorf("field tsdbStartDate in SpecDistributionModulesLoggingLoki: required") + } + type Plain SpecDistributionModulesLoggingLoki + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecDistributionModulesLoggingLoki(plain) + return nil +} + +var enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSelfType = []interface{}{ + "ingress", + "egress", +} + +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSelfType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesIngressNginxType { + for _, expected := range enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSelfType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesIngressNginxType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSelfType, v) } - *j = SpecDistributionModulesIngressNginxType(v) + *j = SpecKubernetesNodePoolAdditionalFirewallRuleSelfType(v) return nil } +type TypesKubeResources struct { + // Limits corresponds to the JSON schema field "limits". + Limits *TypesKubeResourcesLimits `json:"limits,omitempty" yaml:"limits,omitempty" mapstructure:"limits,omitempty"` + + // Requests corresponds to the JSON schema field "requests". 
+ Requests *TypesKubeResourcesRequests `json:"requests,omitempty" yaml:"requests,omitempty" mapstructure:"requests,omitempty"` +} + +type TypesKubeResourcesLimits struct { + // The CPU limit for the Pod. Example: `1000m`. + Cpu *string `json:"cpu,omitempty" yaml:"cpu,omitempty" mapstructure:"cpu,omitempty"` + + // The memory limit for the Pod. Example: `1G`. + Memory *string `json:"memory,omitempty" yaml:"memory,omitempty" mapstructure:"memory,omitempty"` +} + +type TypesKubeResourcesRequests struct { + // The CPU request for the Pod, in cores. Example: `500m`. + Cpu *string `json:"cpu,omitempty" yaml:"cpu,omitempty" mapstructure:"cpu,omitempty"` + + // The memory request for the Pod. Example: `500M`. + Memory *string `json:"memory,omitempty" yaml:"memory,omitempty" mapstructure:"memory,omitempty"` +} + // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecKubernetesNodePool) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSelf) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["instance"]; !ok || v == nil { - return fmt.Errorf("field instance in SpecKubernetesNodePool: required") - } if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecKubernetesNodePool: required") + return fmt.Errorf("field name in SpecKubernetesNodePoolAdditionalFirewallRuleSelf: required") } - if v, ok := raw["size"]; !ok || v == nil { - return fmt.Errorf("field size in SpecKubernetesNodePool: required") + if v, ok := raw["ports"]; !ok || v == nil { + return fmt.Errorf("field ports in SpecKubernetesNodePoolAdditionalFirewallRuleSelf: required") + } + if v, ok := raw["protocol"]; !ok || v == nil { + return fmt.Errorf("field protocol in SpecKubernetesNodePoolAdditionalFirewallRuleSelf: required") + } + if v, ok := raw["self"]; !ok || v == nil { + return fmt.Errorf("field self in SpecKubernetesNodePoolAdditionalFirewallRuleSelf: 
required") } if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecKubernetesNodePool: required") + return fmt.Errorf("field type in SpecKubernetesNodePoolAdditionalFirewallRuleSelf: required") } - type Plain SpecKubernetesNodePool + type Plain SpecKubernetesNodePoolAdditionalFirewallRuleSelf var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecKubernetesNodePool(plain) + *j = SpecKubernetesNodePoolAdditionalFirewallRuleSelf(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesIngressNginx) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { +func (j *SpecDistributionModulesLoggingLokiBackend) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { return err } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesIngressNginx: required") + var ok bool + for _, expected := range enumValues_SpecDistributionModulesLoggingLokiBackend { + if reflect.DeepEqual(v, expected) { + ok = true + break + } } - type Plain SpecDistributionModulesIngressNginx - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesLoggingLokiBackend, v) } - *j = SpecDistributionModulesIngressNginx(plain) + *j = SpecDistributionModulesLoggingLokiBackend(v) return nil } -var enumValues_SpecKubernetesNodePoolsLaunchKind = []interface{}{ - "launch_configurations", - "launch_templates", - "both", +var enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType = []interface{}{ + "ingress", + "egress", } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecKubernetesNodePoolsLaunchKind) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecKubernetesNodePoolsLaunchKind { + for _, expected := range enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType { if reflect.DeepEqual(v, expected) { ok = true break } } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolsLaunchKind, v) + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType, v) + } + *j = SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupIdType(v) + return nil +} + +var enumValues_SpecDistributionModulesLoggingLokiBackend = []interface{}{ + "minio", + "externalEndpoint", +} + +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesLoggingCustomOutputs) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["audit"]; !ok || v == nil { + return fmt.Errorf("field audit in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["errors"]; !ok || v == nil { + return fmt.Errorf("field errors in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["events"]; !ok || v == nil { + return fmt.Errorf("field events in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["infra"]; !ok || v == nil { + return fmt.Errorf("field infra in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["ingressNginx"]; !ok || v == nil { + return fmt.Errorf("field ingressNginx in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["kubernetes"]; !ok || v == nil { + return fmt.Errorf("field kubernetes in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["systemdCommon"]; !ok || v == nil { + return fmt.Errorf("field systemdCommon in SpecDistributionModulesLoggingCustomOutputs: required") + } + if v, ok := raw["systemdEtcd"]; !ok || v == nil { + return fmt.Errorf("field systemdEtcd in SpecDistributionModulesLoggingCustomOutputs: required") + } + type Plain SpecDistributionModulesLoggingCustomOutputs + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err } - *j = SpecKubernetesNodePoolsLaunchKind(v) + *j = SpecDistributionModulesLoggingCustomOutputs(plain) return nil } 
@@ -3116,1204 +3091,1348 @@ func (j *SpecDistributionModulesIngress) UnmarshalJSON(b []byte) error { } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAuth) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["provider"]; !ok || v == nil { - return fmt.Errorf("field provider in SpecDistributionModulesAuth: required") + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId: required") } - type Plain SpecDistributionModulesAuth + if v, ok := raw["ports"]; !ok || v == nil { + return fmt.Errorf("field ports in SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId: required") + } + if v, ok := raw["protocol"]; !ok || v == nil { + return fmt.Errorf("field protocol in SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId: required") + } + if v, ok := raw["sourceSecurityGroupId"]; !ok || v == nil { + return fmt.Errorf("field sourceSecurityGroupId in SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId: required") + } + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId: required") + } + type Plain SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesAuth(plain) + *j = SpecKubernetesNodePoolAdditionalFirewallRuleSourceSecurityGroupId(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesAuthProvider) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesIngressNginx) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesAuthProvider: required") + return fmt.Errorf("field type in SpecDistributionModulesIngressNginx: required") } - type Plain SpecDistributionModulesAuthProvider + type Plain SpecDistributionModulesIngressNginx var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesAuthProvider(plain) - return nil -} - -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAuthProviderType) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesAuthProviderType { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesAuthProviderType, v) - } - *j = SpecDistributionModulesAuthProviderType(v) + *j = SpecDistributionModulesIngressNginx(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecKubernetes) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePoolAdditionalFirewallRules) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["apiServer"]; !ok || v == nil { - return fmt.Errorf("field apiServer in SpecKubernetes: required") - } - if v, ok := raw["nodeAllowedSshPublicKey"]; !ok || v == nil { - return fmt.Errorf("field nodeAllowedSshPublicKey in SpecKubernetes: required") - } - if v, ok := raw["nodePoolGlobalAmiType"]; !ok || v == nil { - return fmt.Errorf("field nodePoolGlobalAmiType in SpecKubernetes: required") - } - if v, ok := raw["nodePools"]; !ok || v == nil { - return fmt.Errorf("field nodePools in SpecKubernetes: required") - } - if v, ok := raw["nodePoolsLaunchKind"]; !ok || v == nil { - return fmt.Errorf("field nodePoolsLaunchKind in SpecKubernetes: required") - } - type Plain SpecKubernetes + type Plain SpecKubernetesNodePoolAdditionalFirewallRules var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecKubernetes(plain) + if plain.CidrBlocks != nil && len(plain.CidrBlocks) < 1 { + return fmt.Errorf("field %s length: must be >= %d", "cidrBlocks", 1) + } + if plain.Self != nil && len(plain.Self) < 1 { + return fmt.Errorf("field %s length: must be >= %d", "self", 1) + } + if plain.SourceSecurityGroupId != nil && len(plain.SourceSecurityGroupId) < 1 { + return fmt.Errorf("field %s length: must be >= %d", "sourceSecurityGroupId", 1) + } + *j = SpecKubernetesNodePoolAdditionalFirewallRules(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesIngressNginxType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType { + for _, expected := range enumValues_SpecDistributionModulesIngressNginxType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesIngressNginxType, v) } - *j = SpecKubernetesNodePoolAdditionalFirewallRuleCidrBlockType(v) + *j = SpecDistributionModulesIngressNginxType(v) return nil } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecPluginsHelmReleasesElemSetElem) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecPluginsHelmReleasesElemSetElem: required") - } - if v, ok := raw["value"]; !ok || v == nil { - return fmt.Errorf("field value in SpecPluginsHelmReleasesElemSetElem: required") - } - type Plain SpecPluginsHelmReleasesElemSetElem - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecPluginsHelmReleasesElemSetElem(plain) - return nil +var enumValues_SpecKubernetesNodePoolAmiType = []interface{}{ + "alinux2", + "alinux2023", } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesAuthProviderBasicAuth) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { +func (j *SpecKubernetesNodePoolAmiType) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { return err } - if v, ok := raw["password"]; !ok || v == nil { - return fmt.Errorf("field password in SpecDistributionModulesAuthProviderBasicAuth: required") - } - if v, ok := raw["username"]; !ok || v == nil { - return fmt.Errorf("field username in SpecDistributionModulesAuthProviderBasicAuth: required") + var ok bool + for _, expected := range enumValues_SpecKubernetesNodePoolAmiType { + if reflect.DeepEqual(v, expected) { + ok = true + break + } } - type Plain SpecDistributionModulesAuthProviderBasicAuth - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolAmiType, v) } - *j = SpecDistributionModulesAuthProviderBasicAuth(plain) + *j = SpecKubernetesNodePoolAmiType(v) return nil } -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesAuthOverridesIngress) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["host"]; !ok || v == nil { - return fmt.Errorf("field host in SpecDistributionModulesAuthOverridesIngress: required") - } - if v, ok := raw["ingressClass"]; !ok || v == nil { - return fmt.Errorf("field ingressClass in SpecDistributionModulesAuthOverridesIngress: required") - } - type Plain SpecDistributionModulesAuthOverridesIngress - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesAuthOverridesIngress(plain) - return nil +var enumValues_SpecDistributionModulesIngressNginxType = []interface{}{ + "none", + "single", + "dual", } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAuthDex) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesIngressNginxTLS) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["connectors"]; !ok || v == nil { - return fmt.Errorf("field connectors in SpecDistributionModulesAuthDex: required") + if v, ok := raw["provider"]; !ok || v == nil { + return fmt.Errorf("field provider in SpecDistributionModulesIngressNginxTLS: required") } - type Plain SpecDistributionModulesAuthDex + type Plain SpecDistributionModulesIngressNginxTLS var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesAuthDex(plain) + *j = SpecDistributionModulesIngressNginxTLS(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesLoggingCustomOutputs) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesIngressNginxTLSSecret) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["audit"]; !ok || v == nil { - return fmt.Errorf("field audit in SpecDistributionModulesLoggingCustomOutputs: required") - } - if v, ok := raw["errors"]; !ok || v == nil { - return fmt.Errorf("field errors in SpecDistributionModulesLoggingCustomOutputs: required") - } - if v, ok := raw["events"]; !ok || v == nil { - return fmt.Errorf("field events in SpecDistributionModulesLoggingCustomOutputs: required") - } - if v, ok := raw["infra"]; !ok || v == nil { - return fmt.Errorf("field infra in SpecDistributionModulesLoggingCustomOutputs: required") - } - if v, ok := raw["ingressNginx"]; !ok || v == nil { - return fmt.Errorf("field ingressNginx in SpecDistributionModulesLoggingCustomOutputs: required") - } - if v, ok := raw["kubernetes"]; !ok || v == nil { - return fmt.Errorf("field kubernetes in SpecDistributionModulesLoggingCustomOutputs: required") + if v, ok := raw["ca"]; !ok || v == nil { + return fmt.Errorf("field ca in SpecDistributionModulesIngressNginxTLSSecret: required") } - if v, ok := raw["systemdCommon"]; !ok || v == nil { - return fmt.Errorf("field systemdCommon in SpecDistributionModulesLoggingCustomOutputs: required") + if v, ok := raw["cert"]; !ok || v == nil { + return fmt.Errorf("field cert in SpecDistributionModulesIngressNginxTLSSecret: required") } - if v, ok := raw["systemdEtcd"]; !ok || v == nil { - return fmt.Errorf("field systemdEtcd in SpecDistributionModulesLoggingCustomOutputs: required") + if v, ok := raw["key"]; !ok || v == nil { + return fmt.Errorf("field key in SpecDistributionModulesIngressNginxTLSSecret: required") } - type Plain SpecDistributionModulesLoggingCustomOutputs + type Plain SpecDistributionModulesIngressNginxTLSSecret var plain Plain if err := 
json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesLoggingCustomOutputs(plain) + *j = SpecDistributionModulesIngressNginxTLSSecret(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionCustomPatchesSecretGeneratorResource) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { +func (j *SpecDistributionModulesIngressNginxTLSProvider) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { return err } - if v, ok := raw["name"]; !ok || v == nil { - return fmt.Errorf("field name in SpecDistributionCustomPatchesSecretGeneratorResource: required") + var ok bool + for _, expected := range enumValues_SpecDistributionModulesIngressNginxTLSProvider { + if reflect.DeepEqual(v, expected) { + ok = true + break + } } - type Plain SpecDistributionCustomPatchesSecretGeneratorResource - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesIngressNginxTLSProvider, v) } - *j = SpecDistributionCustomPatchesSecretGeneratorResource(plain) + *j = SpecDistributionModulesIngressNginxTLSProvider(v) return nil } -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecKubernetesNodePoolAdditionalFirewallRulePorts) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["from"]; !ok || v == nil { - return fmt.Errorf("field from in SpecKubernetesNodePoolAdditionalFirewallRulePorts: required") - } - if v, ok := raw["to"]; !ok || v == nil { - return fmt.Errorf("field to in SpecKubernetesNodePoolAdditionalFirewallRulePorts: required") - } - type Plain SpecKubernetesNodePoolAdditionalFirewallRulePorts - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecKubernetesNodePoolAdditionalFirewallRulePorts(plain) - return nil +var enumValues_SpecKubernetesNodePoolContainerRuntime = []interface{}{ + "docker", + "containerd", } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionCustomPatchesSecretGeneratorResourceBehavior) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePoolContainerRuntime) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionCustomPatchesSecretGeneratorResourceBehavior { + for _, expected := range enumValues_SpecKubernetesNodePoolContainerRuntime { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionCustomPatchesSecretGeneratorResourceBehavior, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolContainerRuntime, v) } - *j = SpecDistributionCustomPatchesSecretGeneratorResourceBehavior(v) + *j = SpecKubernetesNodePoolContainerRuntime(v) return nil } +var enumValues_SpecDistributionModulesIngressNginxTLSProvider = []interface{}{ + "certManager", + "secret", + "none", +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecToolsConfigurationTerraformStateS3) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesIngressDNSPublic) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["bucketName"]; !ok || v == nil { - return fmt.Errorf("field bucketName in SpecToolsConfigurationTerraformStateS3: required") - } - if v, ok := raw["keyPrefix"]; !ok || v == nil { - return fmt.Errorf("field keyPrefix in SpecToolsConfigurationTerraformStateS3: required") + if v, ok := raw["create"]; !ok || v == nil { + return fmt.Errorf("field create in SpecDistributionModulesIngressDNSPublic: required") } - if v, ok := raw["region"]; !ok || v == nil { - return fmt.Errorf("field region in SpecToolsConfigurationTerraformStateS3: required") + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecDistributionModulesIngressDNSPublic: required") } - type Plain SpecToolsConfigurationTerraformStateS3 + type Plain SpecDistributionModulesIngressDNSPublic var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecToolsConfigurationTerraformStateS3(plain) - return nil -} - -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesLoggingLokiBackend) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesLoggingLokiBackend { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesLoggingLokiBackend, v) - } - *j = SpecDistributionModulesLoggingLokiBackend(v) + *j = SpecDistributionModulesIngressDNSPublic(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecToolsConfigurationTerraformState) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesIngressDNSPrivate) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["s3"]; !ok || v == nil { - return fmt.Errorf("field s3 in SpecToolsConfigurationTerraformState: required") + if v, ok := raw["create"]; !ok || v == nil { + return fmt.Errorf("field create in SpecDistributionModulesIngressDNSPrivate: required") } - type Plain SpecToolsConfigurationTerraformState + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecDistributionModulesIngressDNSPrivate: required") + } + type Plain SpecDistributionModulesIngressDNSPrivate var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecToolsConfigurationTerraformState(plain) + *j = SpecDistributionModulesIngressDNSPrivate(plain) return nil } +var enumValues_SpecKubernetesNodePoolInstanceVolumeType = []interface{}{ + "gp2", + "gp3", + "io1", + "standard", +} + // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecKubernetesNodePoolAmiType) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePoolInstanceVolumeType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecKubernetesNodePoolAmiType { + for _, expected := range enumValues_SpecKubernetesNodePoolInstanceVolumeType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolAmiType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolInstanceVolumeType, v) } - *j = SpecKubernetesNodePoolAmiType(v) + *j = SpecKubernetesNodePoolInstanceVolumeType(v) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecToolsConfigurationTerraform) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesIngressCertManager) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["state"]; !ok || v == nil { - return fmt.Errorf("field state in SpecToolsConfigurationTerraform: required") + if v, ok := raw["clusterIssuer"]; !ok || v == nil { + return fmt.Errorf("field clusterIssuer in SpecDistributionModulesIngressCertManager: required") } - type Plain SpecToolsConfigurationTerraform + type Plain SpecDistributionModulesIngressCertManager var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecToolsConfigurationTerraform(plain) - return nil -} - -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecKubernetesNodePoolGlobalAmiType) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecKubernetesNodePoolGlobalAmiType { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolGlobalAmiType, v) - } - *j = SpecKubernetesNodePoolGlobalAmiType(v) + *j = SpecDistributionModulesIngressCertManager(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecToolsConfiguration) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesIngressCertManagerClusterIssuer) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["terraform"]; !ok || v == nil { - return fmt.Errorf("field terraform in SpecToolsConfiguration: required") + if v, ok := raw["email"]; !ok || v == nil { + return fmt.Errorf("field email in SpecDistributionModulesIngressCertManagerClusterIssuer: required") } - type Plain SpecToolsConfiguration + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecDistributionModulesIngressCertManagerClusterIssuer: required") + } + type Plain SpecDistributionModulesIngressCertManagerClusterIssuer var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecToolsConfiguration(plain) + *j = SpecDistributionModulesIngressCertManagerClusterIssuer(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesIngressCertManagerClusterIssuerType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior { + for _, expected := range enumValues_SpecDistributionModulesIngressCertManagerClusterIssuerType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesIngressCertManagerClusterIssuerType, v) } - *j = SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior(v) + *j = SpecDistributionModulesIngressCertManagerClusterIssuerType(v) return nil } +var enumValues_SpecDistributionModulesIngressCertManagerClusterIssuerType = []interface{}{ + "dns01", + "http01", +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *Spec) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesDr) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["distribution"]; !ok || v == nil { - return fmt.Errorf("field distribution in Spec: required") - } - if v, ok := raw["distributionVersion"]; !ok || v == nil { - return fmt.Errorf("field distributionVersion in Spec: required") + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecDistributionModulesDr: required") } - if v, ok := raw["kubernetes"]; !ok || v == nil { - return fmt.Errorf("field kubernetes in Spec: required") + type Plain SpecDistributionModulesDr + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err } - if v, ok := raw["region"]; !ok || v == nil { - return fmt.Errorf("field region in Spec: required") + *j = SpecDistributionModulesDr(plain) + return nil +} + +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecKubernetesNodePoolInstance) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err } - if v, ok := raw["toolsConfiguration"]; !ok || v == nil { - return fmt.Errorf("field toolsConfiguration in Spec: required") + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecKubernetesNodePoolInstance: required") } - type Plain Spec + type Plain SpecKubernetesNodePoolInstance var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - if len(plain.DistributionVersion) < 1 { - return fmt.Errorf("field %s length: must be >= %d", "distributionVersion", 1) - } - *j = Spec(plain) + *j = SpecKubernetesNodePoolInstance(plain) return nil } +type TypesKubeLabels_1 map[string]string + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesLoggingLoki) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesDrVelero) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["tsdbStartDate"]; !ok || v == nil { - return fmt.Errorf("field tsdbStartDate in SpecDistributionModulesLoggingLoki: required") + if v, ok := raw["eks"]; !ok || v == nil { + return fmt.Errorf("field eks in SpecDistributionModulesDrVelero: required") } - type Plain SpecDistributionModulesLoggingLoki + type Plain SpecDistributionModulesDrVelero var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesLoggingLoki(plain) + *j = SpecDistributionModulesDrVelero(plain) return nil } +type TypesCidr string + +type TypesAwsSubnetId string + +type TypesKubeTaints []string + // UnmarshalJSON implements json.Unmarshaler. -func (j *TypesKubeToleration) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesDrVeleroEks) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["effect"]; !ok || v == nil { - return fmt.Errorf("field effect in TypesKubeToleration: required") + if v, ok := raw["bucketName"]; !ok || v == nil { + return fmt.Errorf("field bucketName in SpecDistributionModulesDrVeleroEks: required") } - if v, ok := raw["key"]; !ok || v == nil { - return fmt.Errorf("field key in TypesKubeToleration: required") + if v, ok := raw["region"]; !ok || v == nil { + return fmt.Errorf("field region in SpecDistributionModulesDrVeleroEks: required") } - type Plain TypesKubeToleration + type Plain SpecDistributionModulesDrVeleroEks var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = TypesKubeToleration(plain) + *j = SpecDistributionModulesDrVeleroEks(plain) return nil } +var enumValues_SpecKubernetesNodePoolType = []interface{}{ + "eks-managed", + 
"self-managed", +} + // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesLoggingOpensearchType) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePoolType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesLoggingOpensearchType { + for _, expected := range enumValues_SpecKubernetesNodePoolType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesLoggingOpensearchType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolType, v) } - *j = SpecDistributionModulesLoggingOpensearchType(v) + *j = SpecKubernetesNodePoolType(v) return nil } +const ( + TypesAwsRegionUsGovWest1 TypesAwsRegion = "us-gov-west-1" + TypesAwsRegionUsWest1 TypesAwsRegion = "us-west-1" + TypesAwsRegionUsWest2 TypesAwsRegion = "us-west-2" +) + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesLoggingOpensearch) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePool) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } + if v, ok := raw["instance"]; !ok || v == nil { + return fmt.Errorf("field instance in SpecKubernetesNodePool: required") + } + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecKubernetesNodePool: required") + } + if v, ok := raw["size"]; !ok || v == nil { + return fmt.Errorf("field size in SpecKubernetesNodePool: required") + } if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesLoggingOpensearch: required") + return fmt.Errorf("field type in SpecKubernetesNodePool: required") } - type Plain SpecDistributionModulesLoggingOpensearch + type Plain SpecKubernetesNodePool var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesLoggingOpensearch(plain) + *j = SpecKubernetesNodePool(plain) + return nil +} + +// UnmarshalJSON implements json.Unmarshaler. +func (j *TypesAwsRegion) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { + return err + } + var ok bool + for _, expected := range enumValues_TypesAwsRegion { + if reflect.DeepEqual(v, expected) { + ok = true + break + } + } + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesAwsRegion, v) + } + *j = TypesAwsRegion(v) return nil } +var enumValues_SpecKubernetesNodePoolsCommonMetadataHttpEndpoint = []interface{}{ + "enabled", + "disabled", +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecKubernetesLogsTypesElem) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePoolsCommonMetadataHttpEndpoint) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecKubernetesLogsTypesElem { + for _, expected := range enumValues_SpecKubernetesNodePoolsCommonMetadataHttpEndpoint { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesLogsTypesElem, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolsCommonMetadataHttpEndpoint, v) } - *j = SpecKubernetesLogsTypesElem(v) + *j = SpecKubernetesNodePoolsCommonMetadataHttpEndpoint(v) return nil } +type TypesAwsS3BucketName string + +var enumValues_TypesAwsRegion = []interface{}{ + "af-south-1", + "ap-east-1", + "ap-northeast-1", + "ap-northeast-2", + "ap-northeast-3", + "ap-south-1", + "ap-south-2", + "ap-southeast-1", + "ap-southeast-2", + "ap-southeast-3", + "ap-southeast-4", + "ca-central-1", + "eu-central-1", + "eu-central-2", + "eu-north-1", + "eu-south-1", + "eu-south-2", + "eu-west-1", + "eu-west-2", + "eu-west-3", + "me-central-1", + "me-south-1", + "sa-east-1", + "us-east-1", + "us-east-2", + "us-gov-east-1", + "us-gov-west-1", + "us-west-1", + "us-west-2", +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *TypesKubeTolerationOperator) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesDrType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_TypesKubeTolerationOperator { + for _, expected := range enumValues_SpecDistributionModulesDrType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesKubeTolerationOperator, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesDrType, v) } - *j = TypesKubeTolerationOperator(v) + *j = SpecDistributionModulesDrType(v) return nil } -var enumValues_TypesKubeTolerationOperator = []interface{}{ - "Exists", - "Equal", +var enumValues_SpecKubernetesNodePoolsCommonMetadataHttpTokens = []interface{}{ + "optional", + "required", } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesLoggingType) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetesNodePoolsCommonMetadataHttpTokens) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesLoggingType { + for _, expected := range enumValues_SpecKubernetesNodePoolsCommonMetadataHttpTokens { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesLoggingType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolsCommonMetadataHttpTokens, v) } - *j = SpecDistributionModulesLoggingType(v) + *j = SpecKubernetesNodePoolsCommonMetadataHttpTokens(v) return nil } +// Override the common configuration with a particular configuration for the +// module. 
+type TypesFuryModuleOverrides struct { + // Ingresses corresponds to the JSON schema field "ingresses". + Ingresses TypesFuryModuleOverridesIngresses `json:"ingresses,omitempty" yaml:"ingresses,omitempty" mapstructure:"ingresses,omitempty"` + + // Set to override the node selector used to place the pods of the module. + NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` + + // Set to override the tolerations that will be added to the pods of the module. + Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` +} + +type TypesFuryModuleOverridesIngresses map[string]TypesFuryModuleOverridesIngress + +type TypesFuryModuleOverridesIngress struct { + // If true, the ingress will not have authentication even if + // `.spec.modules.auth.provider.type` is SSO or Basic Auth. + DisableAuth *bool `json:"disableAuth,omitempty" yaml:"disableAuth,omitempty" mapstructure:"disableAuth,omitempty"` + + // Use this host for the ingress instead of the default one. + Host *string `json:"host,omitempty" yaml:"host,omitempty" mapstructure:"host,omitempty"` + + // Use this ingress class for the ingress instead of the default one. + IngressClass *string `json:"ingressClass,omitempty" yaml:"ingressClass,omitempty" mapstructure:"ingressClass,omitempty"` +} + +var enumValues_SpecDistributionModulesDrType = []interface{}{ + "none", + "eks", +} + +var enumValues_SpecKubernetesNodePoolsLaunchKind = []interface{}{ + "launch_configurations", + "launch_templates", + "both", +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecKubernetesLogRetentionDays) UnmarshalJSON(b []byte) error { - var v int +func (j *SpecKubernetesNodePoolsLaunchKind) UnmarshalJSON(b []byte) error { + var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecKubernetesLogRetentionDays { + for _, expected := range enumValues_SpecKubernetesNodePoolsLaunchKind { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesLogRetentionDays, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecKubernetesNodePoolsLaunchKind, v) } - *j = SpecKubernetesLogRetentionDays(v) + *j = SpecKubernetesNodePoolsLaunchKind(v) return nil } +type TypesFuryModuleComponentOverridesWithIAMRoleName struct { + // IamRoleName corresponds to the JSON schema field "iamRoleName". + IamRoleName *TypesAwsIamRoleName `json:"iamRoleName,omitempty" yaml:"iamRoleName,omitempty" mapstructure:"iamRoleName,omitempty"` + + // The node selector to use to place the pods for the load balancer controller + // module. + NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` + + // The tolerations that will be added to the pods for the cluster autoscaler + // module. + Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesLogging) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesAuth) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesLogging: required") + if v, ok := raw["provider"]; !ok || v == nil { + return fmt.Errorf("field provider in SpecDistributionModulesAuth: required") } - type Plain SpecDistributionModulesLogging + type Plain SpecDistributionModulesAuth var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesLogging(plain) + *j = SpecDistributionModulesAuth(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesMonitoringMimirBackend) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { +func (j *SpecDistributionModulesAuthProvider) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { return err } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesMonitoringMimirBackend { - if reflect.DeepEqual(v, expected) { - ok = true - break - } + if v, ok := raw["type"]; !ok || v == nil { + return fmt.Errorf("field type in SpecDistributionModulesAuthProvider: required") } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesMonitoringMimirBackend, v) + type Plain SpecDistributionModulesAuthProvider + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err } - *j = SpecDistributionModulesMonitoringMimirBackend(v) + *j = SpecDistributionModulesAuthProvider(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *TypesKubeTolerationEffect) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesAuthProviderType) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_TypesKubeTolerationEffect { + for _, expected := range enumValues_SpecDistributionModulesAuthProviderType { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesKubeTolerationEffect, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesAuthProviderType, v) } - *j = TypesKubeTolerationEffect(v) + *j = SpecDistributionModulesAuthProviderType(v) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAuthPomeriumSecrets) UnmarshalJSON(b []byte) error { +func (j *SpecKubernetes) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["COOKIE_SECRET"]; !ok || v == nil { - return fmt.Errorf("field COOKIE_SECRET in SpecDistributionModulesAuthPomeriumSecrets: required") + if v, ok := raw["apiServer"]; !ok || v == nil { + return fmt.Errorf("field apiServer in SpecKubernetes: required") } - if v, ok := raw["IDP_CLIENT_SECRET"]; !ok || v == nil { - return fmt.Errorf("field IDP_CLIENT_SECRET in SpecDistributionModulesAuthPomeriumSecrets: required") + if v, ok := raw["nodeAllowedSshPublicKey"]; !ok || v == nil { + return fmt.Errorf("field nodeAllowedSshPublicKey in SpecKubernetes: required") } - if v, ok := raw["SHARED_SECRET"]; !ok || v == nil { - return fmt.Errorf("field SHARED_SECRET in SpecDistributionModulesAuthPomeriumSecrets: required") + if v, ok := raw["nodePoolGlobalAmiType"]; !ok || v == nil { + return fmt.Errorf("field nodePoolGlobalAmiType in SpecKubernetes: required") } - if v, ok := raw["SIGNING_KEY"]; !ok || v == nil { - return 
fmt.Errorf("field SIGNING_KEY in SpecDistributionModulesAuthPomeriumSecrets: required") + if v, ok := raw["nodePools"]; !ok || v == nil { + return fmt.Errorf("field nodePools in SpecKubernetes: required") } - type Plain SpecDistributionModulesAuthPomeriumSecrets + if v, ok := raw["nodePoolsLaunchKind"]; !ok || v == nil { + return fmt.Errorf("field nodePoolsLaunchKind in SpecKubernetes: required") + } + type Plain SpecKubernetes var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesAuthPomeriumSecrets(plain) + *j = SpecKubernetes(plain) return nil } +var enumValues_SpecDistributionModulesAuthProviderType = []interface{}{ + "none", + "basicAuth", + "sso", +} + // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecKubernetesAwsAuthUser) UnmarshalJSON(b []byte) error { +func (j *SpecPluginsHelmReleasesElemSetElem) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["groups"]; !ok || v == nil { - return fmt.Errorf("field groups in SpecKubernetesAwsAuthUser: required") + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecPluginsHelmReleasesElemSetElem: required") } - if v, ok := raw["userarn"]; !ok || v == nil { - return fmt.Errorf("field userarn in SpecKubernetesAwsAuthUser: required") + if v, ok := raw["value"]; !ok || v == nil { + return fmt.Errorf("field value in SpecPluginsHelmReleasesElemSetElem: required") + } + type Plain SpecPluginsHelmReleasesElemSetElem + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err + } + *j = SpecPluginsHelmReleasesElemSetElem(plain) + return nil +} + +// UnmarshalJSON implements json.Unmarshaler. 
+func (j *SpecDistributionModulesAuthProviderBasicAuth) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["password"]; !ok || v == nil { + return fmt.Errorf("field password in SpecDistributionModulesAuthProviderBasicAuth: required") } if v, ok := raw["username"]; !ok || v == nil { - return fmt.Errorf("field username in SpecKubernetesAwsAuthUser: required") + return fmt.Errorf("field username in SpecDistributionModulesAuthProviderBasicAuth: required") } - type Plain SpecKubernetesAwsAuthUser + type Plain SpecDistributionModulesAuthProviderBasicAuth var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecKubernetesAwsAuthUser(plain) + *j = SpecDistributionModulesAuthProviderBasicAuth(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecKubernetesAwsAuthRole) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesAuthOverridesIngress) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["groups"]; !ok || v == nil { - return fmt.Errorf("field groups in SpecKubernetesAwsAuthRole: required") + if v, ok := raw["host"]; !ok || v == nil { + return fmt.Errorf("field host in SpecDistributionModulesAuthOverridesIngress: required") } - if v, ok := raw["rolearn"]; !ok || v == nil { - return fmt.Errorf("field rolearn in SpecKubernetesAwsAuthRole: required") + if v, ok := raw["ingressClass"]; !ok || v == nil { + return fmt.Errorf("field ingressClass in SpecDistributionModulesAuthOverridesIngress: required") } - if v, ok := raw["username"]; !ok || v == nil { - return fmt.Errorf("field username in SpecKubernetesAwsAuthRole: required") + type Plain SpecDistributionModulesAuthOverridesIngress + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err } - type Plain SpecKubernetesAwsAuthRole + *j = 
SpecDistributionModulesAuthOverridesIngress(plain) + return nil +} + +// UnmarshalJSON implements json.Unmarshaler. +func (j *SpecDistributionModulesAuthDex) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + if v, ok := raw["connectors"]; !ok || v == nil { + return fmt.Errorf("field connectors in SpecDistributionModulesAuthDex: required") + } + type Plain SpecDistributionModulesAuthDex var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecKubernetesAwsAuthRole(plain) + *j = SpecDistributionModulesAuthDex(plain) return nil } -var enumValues_TypesKubeTolerationEffect_1 = []interface{}{ - "NoSchedule", - "PreferNoSchedule", - "NoExecute", +type TypesFuryModuleComponentOverrides struct { + // Set to override the node selector used to place the pods of the package. + NodeSelector TypesKubeNodeSelector `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` + + // Set to override the tolerations that will be added to the pods of the package. + Tolerations []TypesKubeToleration `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *TypesKubeTolerationEffect_1) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { +func (j *SpecDistributionCustomPatchesSecretGeneratorResource) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { return err } - var ok bool - for _, expected := range enumValues_TypesKubeTolerationEffect_1 { - if reflect.DeepEqual(v, expected) { - ok = true - break - } + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecDistributionCustomPatchesSecretGeneratorResource: required") } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesKubeTolerationEffect_1, v) + type Plain SpecDistributionCustomPatchesSecretGeneratorResource + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err } - *j = TypesKubeTolerationEffect_1(v) + *j = SpecDistributionCustomPatchesSecretGeneratorResource(plain) return nil } +type TypesAwsS3KeyPrefix string + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesMonitoringType) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionCustomPatchesSecretGeneratorResourceBehavior) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesMonitoringType { + for _, expected := range enumValues_SpecDistributionCustomPatchesSecretGeneratorResourceBehavior { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesMonitoringType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionCustomPatchesSecretGeneratorResourceBehavior, v) } - *j = SpecDistributionModulesMonitoringType(v) + *j = SpecDistributionCustomPatchesSecretGeneratorResourceBehavior(v) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesMonitoring) UnmarshalJSON(b []byte) error { +func (j *SpecToolsConfigurationTerraformStateS3) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesMonitoring: required") + if v, ok := raw["bucketName"]; !ok || v == nil { + return fmt.Errorf("field bucketName in SpecToolsConfigurationTerraformStateS3: required") } - type Plain SpecDistributionModulesMonitoring + if v, ok := raw["keyPrefix"]; !ok || v == nil { + return fmt.Errorf("field keyPrefix in SpecToolsConfigurationTerraformStateS3: required") + } + if v, ok := raw["region"]; !ok || v == nil { + return fmt.Errorf("field region in SpecToolsConfigurationTerraformStateS3: required") + } + type Plain SpecToolsConfigurationTerraformStateS3 var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesMonitoring(plain) + *j = 
SpecToolsConfigurationTerraformStateS3(plain) return nil } +var enumValues_SpecDistributionCustomPatchesSecretGeneratorResourceBehavior = []interface{}{ + "create", + "replace", + "merge", +} + // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecKubernetesAPIServer) UnmarshalJSON(b []byte) error { +func (j *SpecToolsConfigurationTerraformState) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["privateAccess"]; !ok || v == nil { - return fmt.Errorf("field privateAccess in SpecKubernetesAPIServer: required") - } - if v, ok := raw["publicAccess"]; !ok || v == nil { - return fmt.Errorf("field publicAccess in SpecKubernetesAPIServer: required") + if v, ok := raw["s3"]; !ok || v == nil { + return fmt.Errorf("field s3 in SpecToolsConfigurationTerraformState: required") } - type Plain SpecKubernetesAPIServer + type Plain SpecToolsConfigurationTerraformState var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecKubernetesAPIServer(plain) + *j = SpecToolsConfigurationTerraformState(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesPolicyGatekeeperEnforcementAction) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { +func (j *SpecDistributionCustomPatchesConfigMapGeneratorResource) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { return err } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesPolicyGatekeeperEnforcementAction { - if reflect.DeepEqual(v, expected) { - ok = true - break - } + if v, ok := raw["name"]; !ok || v == nil { + return fmt.Errorf("field name in SpecDistributionCustomPatchesConfigMapGeneratorResource: required") } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesPolicyGatekeeperEnforcementAction, v) + type Plain SpecDistributionCustomPatchesConfigMapGeneratorResource + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err } - *j = SpecDistributionModulesPolicyGatekeeperEnforcementAction(v) + *j = SpecDistributionCustomPatchesConfigMapGeneratorResource(plain) return nil } -var enumValues_TypesKubeTolerationOperator_1 = []interface{}{ - "Exists", - "Equal", -} - // UnmarshalJSON implements json.Unmarshaler. 
-func (j *TypesKubeTolerationOperator_1) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { +func (j *SpecToolsConfigurationTerraform) UnmarshalJSON(b []byte) error { + var raw map[string]interface{} + if err := json.Unmarshal(b, &raw); err != nil { return err } - var ok bool - for _, expected := range enumValues_TypesKubeTolerationOperator_1 { - if reflect.DeepEqual(v, expected) { - ok = true - break - } + if v, ok := raw["state"]; !ok || v == nil { + return fmt.Errorf("field state in SpecToolsConfigurationTerraform: required") } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesKubeTolerationOperator_1, v) + type Plain SpecToolsConfigurationTerraform + var plain Plain + if err := json.Unmarshal(b, &plain); err != nil { + return err } - *j = TypesKubeTolerationOperator_1(v) + *j = SpecToolsConfigurationTerraform(plain) return nil } +type TypesKubeLabels map[string]string + // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecInfrastructureVpn) UnmarshalJSON(b []byte) error { +func (j *SpecToolsConfiguration) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["ssh"]; !ok || v == nil { - return fmt.Errorf("field ssh in SpecInfrastructureVpn: required") - } - if v, ok := raw["vpnClientsSubnetCidr"]; !ok || v == nil { - return fmt.Errorf("field vpnClientsSubnetCidr in SpecInfrastructureVpn: required") + if v, ok := raw["terraform"]; !ok || v == nil { + return fmt.Errorf("field terraform in SpecToolsConfiguration: required") } - type Plain SpecInfrastructureVpn + type Plain SpecToolsConfiguration var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecInfrastructureVpn(plain) + *j = SpecToolsConfiguration(plain) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesPolicyGatekeeper) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { +func (j *SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { return err } - if v, ok := raw["enforcementAction"]; !ok || v == nil { - return fmt.Errorf("field enforcementAction in SpecDistributionModulesPolicyGatekeeper: required") - } - if v, ok := raw["installDefaultPolicies"]; !ok || v == nil { - return fmt.Errorf("field installDefaultPolicies in SpecDistributionModulesPolicyGatekeeper: required") + var ok bool + for _, expected := range enumValues_SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior { + if reflect.DeepEqual(v, expected) { + ok = true + break + } } - type Plain SpecDistributionModulesPolicyGatekeeper - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior, v) } - *j = SpecDistributionModulesPolicyGatekeeper(plain) + *j = SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior(v) return nil } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecInfrastructureVpnSsh) UnmarshalJSON(b []byte) error { +func (j *Spec) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["allowedFromCidrs"]; !ok || v == nil { - return fmt.Errorf("field allowedFromCidrs in SpecInfrastructureVpnSsh: required") + if v, ok := raw["distribution"]; !ok || v == nil { + return fmt.Errorf("field distribution in Spec: required") } - if v, ok := raw["githubUsersName"]; !ok || v == nil { - return fmt.Errorf("field githubUsersName in SpecInfrastructureVpnSsh: required") + if v, ok := raw["distributionVersion"]; !ok || v == nil { + return fmt.Errorf("field distributionVersion in Spec: required") } - type Plain SpecInfrastructureVpnSsh + if v, ok := raw["kubernetes"]; !ok || v == nil { + return fmt.Errorf("field kubernetes in Spec: required") + } + if v, ok := raw["region"]; !ok || v == nil { + return fmt.Errorf("field region in Spec: required") + } + if v, ok := raw["toolsConfiguration"]; !ok || v == nil { + return fmt.Errorf("field toolsConfiguration in Spec: required") + } + type Plain Spec var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - if plain.GithubUsersName != nil && len(plain.GithubUsersName) < 1 { - return fmt.Errorf("field %s length: must be >= %d", "githubUsersName", 1) + if len(plain.DistributionVersion) < 1 { + return fmt.Errorf("field %s length: must be >= %d", "distributionVersion", 1) } - *j = SpecInfrastructureVpnSsh(plain) + *j = Spec(plain) return nil } +var enumValues_SpecDistributionCustomPatchesConfigMapGeneratorResourceBehavior = []interface{}{ + "create", + "replace", + "merge", +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *TypesKubeToleration_1) UnmarshalJSON(b []byte) error { +func (j *TypesKubeToleration) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } if v, ok := raw["effect"]; !ok || v == nil { - return fmt.Errorf("field effect in TypesKubeToleration_1: required") + return fmt.Errorf("field effect in TypesKubeToleration: required") } if v, ok := raw["key"]; !ok || v == nil { - return fmt.Errorf("field key in TypesKubeToleration_1: required") - } - if v, ok := raw["value"]; !ok || v == nil { - return fmt.Errorf("field value in TypesKubeToleration_1: required") + return fmt.Errorf("field key in TypesKubeToleration: required") } - type Plain TypesKubeToleration_1 + type Plain TypesKubeToleration var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = TypesKubeToleration_1(plain) + *j = TypesKubeToleration(plain) return nil } +type TypesKubeToleration struct { + // Effect corresponds to the JSON schema field "effect". + Effect TypesKubeTolerationEffect `json:"effect" yaml:"effect" mapstructure:"effect"` + + // The key of the toleration + Key string `json:"key" yaml:"key" mapstructure:"key"` + + // Operator corresponds to the JSON schema field "operator". + Operator *TypesKubeTolerationOperator `json:"operator,omitempty" yaml:"operator,omitempty" mapstructure:"operator,omitempty"` + + // The value of the toleration + Value *string `json:"value,omitempty" yaml:"value,omitempty" mapstructure:"value,omitempty"` +} + +const ( + TypesKubeTolerationOperatorEqual TypesKubeTolerationOperator = "Equal" + TypesKubeTolerationOperatorExists TypesKubeTolerationOperator = "Exists" +) + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecInfrastructureVpc) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { +func (j *TypesKubeTolerationOperator) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { return err } - if v, ok := raw["network"]; !ok || v == nil { - return fmt.Errorf("field network in SpecInfrastructureVpc: required") + var ok bool + for _, expected := range enumValues_TypesKubeTolerationOperator { + if reflect.DeepEqual(v, expected) { + ok = true + break + } } - type Plain SpecInfrastructureVpc - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesKubeTolerationOperator, v) } - *j = SpecInfrastructureVpc(plain) + *j = TypesKubeTolerationOperator(v) return nil } -var enumValues_TypesKubeTolerationEffect = []interface{}{ - "NoSchedule", - "PreferNoSchedule", - "NoExecute", +var enumValues_TypesKubeTolerationOperator = []interface{}{ + "Exists", + "Equal", } +type TypesKubeTolerationOperator string + +const ( + TypesKubeTolerationEffectNoExecute TypesKubeTolerationEffect = "NoExecute" + TypesKubeTolerationEffectPreferNoSchedule TypesKubeTolerationEffect = "PreferNoSchedule" + TypesKubeTolerationEffectNoSchedule TypesKubeTolerationEffect = "NoSchedule" +) + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesPolicyKyvernoValidationFailureAction) UnmarshalJSON(b []byte) error { +func (j *TypesKubeTolerationEffect) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesPolicyKyvernoValidationFailureAction { + for _, expected := range enumValues_TypesKubeTolerationEffect { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesPolicyKyvernoValidationFailureAction, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesKubeTolerationEffect, v) } - *j = SpecDistributionModulesPolicyKyvernoValidationFailureAction(v) + *j = TypesKubeTolerationEffect(v) return nil } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesAuthPomerium_2) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesAuthPomeriumSecrets) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["secrets"]; !ok || v == nil { - return fmt.Errorf("field secrets in SpecDistributionModulesAuthPomerium_2: required") - } - type Plain SpecDistributionModulesAuthPomerium_2 - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err + if v, ok := raw["COOKIE_SECRET"]; !ok || v == nil { + return fmt.Errorf("field COOKIE_SECRET in SpecDistributionModulesAuthPomeriumSecrets: required") } - *j = SpecDistributionModulesAuthPomerium_2(plain) - return nil -} - -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecInfrastructureVpcNetwork) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err + if v, ok := raw["IDP_CLIENT_SECRET"]; !ok || v == nil { + return fmt.Errorf("field IDP_CLIENT_SECRET in SpecDistributionModulesAuthPomeriumSecrets: required") } - if v, ok := raw["cidr"]; !ok || v == nil { - return fmt.Errorf("field cidr in SpecInfrastructureVpcNetwork: required") + if v, ok := raw["SHARED_SECRET"]; !ok || v == nil { + return fmt.Errorf("field SHARED_SECRET in SpecDistributionModulesAuthPomeriumSecrets: required") } - if v, ok := raw["subnetsCidrs"]; !ok || v == nil { - return fmt.Errorf("field subnetsCidrs in SpecInfrastructureVpcNetwork: required") + if v, ok := raw["SIGNING_KEY"]; !ok || v == nil { + return fmt.Errorf("field SIGNING_KEY in SpecDistributionModulesAuthPomeriumSecrets: required") } - type Plain SpecInfrastructureVpcNetwork + type Plain SpecDistributionModulesAuthPomeriumSecrets var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecInfrastructureVpcNetwork(plain) + *j = SpecDistributionModulesAuthPomeriumSecrets(plain) return nil } -// UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesPolicyKyverno) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["installDefaultPolicies"]; !ok || v == nil { - return fmt.Errorf("field installDefaultPolicies in SpecDistributionModulesPolicyKyverno: required") - } - if v, ok := raw["validationFailureAction"]; !ok || v == nil { - return fmt.Errorf("field validationFailureAction in SpecDistributionModulesPolicyKyverno: required") - } - type Plain SpecDistributionModulesPolicyKyverno - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesPolicyKyverno(plain) - return nil +type TypesKubeNodeSelector_1 map[string]string + +type TypesKubeTolerationEffect_1 string + +var enumValues_TypesKubeTolerationEffect_1 = []interface{}{ + "NoSchedule", + "PreferNoSchedule", + "NoExecute", } // UnmarshalJSON implements json.Unmarshaler. -func (j *SpecInfrastructureVpcNetworkSubnetsCidrs) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { +func (j *TypesKubeTolerationEffect_1) UnmarshalJSON(b []byte) error { + var v string + if err := json.Unmarshal(b, &v); err != nil { return err } - if v, ok := raw["private"]; !ok || v == nil { - return fmt.Errorf("field private in SpecInfrastructureVpcNetworkSubnetsCidrs: required") - } - if v, ok := raw["public"]; !ok || v == nil { - return fmt.Errorf("field public in SpecInfrastructureVpcNetworkSubnetsCidrs: required") + var ok bool + for _, expected := range enumValues_TypesKubeTolerationEffect_1 { + if reflect.DeepEqual(v, expected) { + ok = true + break + } } - type Plain SpecInfrastructureVpcNetworkSubnetsCidrs - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err + if !ok { + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesKubeTolerationEffect_1, v) } - *j = 
SpecInfrastructureVpcNetworkSubnetsCidrs(plain) + *j = TypesKubeTolerationEffect_1(v) return nil } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistribution) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["modules"]; !ok || v == nil { - return fmt.Errorf("field modules in SpecDistribution: required") - } - type Plain SpecDistribution - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistribution(plain) - return nil +const ( + TypesKubeTolerationEffect_1_NoSchedule TypesKubeTolerationEffect_1 = "NoSchedule" + TypesKubeTolerationEffect_1_PreferNoSchedule TypesKubeTolerationEffect_1 = "PreferNoSchedule" + TypesKubeTolerationEffect_1_NoExecute TypesKubeTolerationEffect_1 = "NoExecute" +) + +type TypesKubeTolerationOperator_1 string + +var enumValues_TypesKubeTolerationOperator_1 = []interface{}{ + "Exists", + "Equal", } // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesPolicyType) UnmarshalJSON(b []byte) error { +func (j *TypesKubeTolerationOperator_1) UnmarshalJSON(b []byte) error { var v string if err := json.Unmarshal(b, &v); err != nil { return err } var ok bool - for _, expected := range enumValues_SpecDistributionModulesPolicyType { + for _, expected := range enumValues_TypesKubeTolerationOperator_1 { if reflect.DeepEqual(v, expected) { ok = true break } } if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesPolicyType, v) + return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_TypesKubeTolerationOperator_1, v) } - *j = SpecDistributionModulesPolicyType(v) + *j = TypesKubeTolerationOperator_1(v) return nil } +const ( + TypesKubeTolerationOperator_1_Exists TypesKubeTolerationOperator_1 = "Exists" + TypesKubeTolerationOperator_1_Equal TypesKubeTolerationOperator_1 = "Equal" +) + +type TypesKubeToleration_1 struct { + // Effect corresponds to the JSON schema field "effect". + Effect TypesKubeTolerationEffect_1 `json:"effect" yaml:"effect" mapstructure:"effect"` + + // Key corresponds to the JSON schema field "key". + Key string `json:"key" yaml:"key" mapstructure:"key"` + + // Operator corresponds to the JSON schema field "operator". + Operator *TypesKubeTolerationOperator_1 `json:"operator,omitempty" yaml:"operator,omitempty" mapstructure:"operator,omitempty"` + + // Value corresponds to the JSON schema field "value". + Value string `json:"value" yaml:"value" mapstructure:"value"` +} + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModules) UnmarshalJSON(b []byte) error { +func (j *TypesKubeToleration_1) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["dr"]; !ok || v == nil { - return fmt.Errorf("field dr in SpecDistributionModules: required") - } - if v, ok := raw["ingress"]; !ok || v == nil { - return fmt.Errorf("field ingress in SpecDistributionModules: required") + if v, ok := raw["effect"]; !ok || v == nil { + return fmt.Errorf("field effect in TypesKubeToleration_1: required") } - if v, ok := raw["logging"]; !ok || v == nil { - return fmt.Errorf("field logging in SpecDistributionModules: required") + if v, ok := raw["key"]; !ok || v == nil { + return fmt.Errorf("field key in TypesKubeToleration_1: required") } - if v, ok := raw["policy"]; !ok || v == nil { - return fmt.Errorf("field policy in SpecDistributionModules: required") + if v, ok := raw["value"]; !ok || v == nil { + return fmt.Errorf("field value in TypesKubeToleration_1: required") } - type Plain SpecDistributionModules + type Plain TypesKubeToleration_1 var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModules(plain) + *j = TypesKubeToleration_1(plain) return nil } +type TypesFuryModuleComponentOverrides_1 struct { + // NodeSelector corresponds to the JSON schema field "nodeSelector". + NodeSelector TypesKubeNodeSelector_1 `json:"nodeSelector,omitempty" yaml:"nodeSelector,omitempty" mapstructure:"nodeSelector,omitempty"` + + // Tolerations corresponds to the JSON schema field "tolerations". + Tolerations []TypesKubeToleration_1 `json:"tolerations,omitempty" yaml:"tolerations,omitempty" mapstructure:"tolerations,omitempty"` +} + +var enumValues_TypesKubeTolerationEffect = []interface{}{ + "NoSchedule", + "PreferNoSchedule", + "NoExecute", +} + +type TypesKubeTolerationEffect string + // UnmarshalJSON implements json.Unmarshaler. 
-func (j *SpecDistributionModulesPolicy) UnmarshalJSON(b []byte) error { +func (j *SpecDistributionModulesAuthPomerium_2) UnmarshalJSON(b []byte) error { var raw map[string]interface{} if err := json.Unmarshal(b, &raw); err != nil { return err } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesPolicy: required") + if v, ok := raw["secrets"]; !ok || v == nil { + return fmt.Errorf("field secrets in SpecDistributionModulesAuthPomerium_2: required") } - type Plain SpecDistributionModulesPolicy + type Plain SpecDistributionModulesAuthPomerium_2 var plain Plain if err := json.Unmarshal(b, &plain); err != nil { return err } - *j = SpecDistributionModulesPolicy(plain) + *j = SpecDistributionModulesAuthPomerium_2(plain) return nil } +type TypesAwsSshPubKey string + +type TypesEnvRef string + +type TypesFileRef string + +type TypesIpAddress string + +type TypesSemVer string + +type TypesSshPubKey string + +type TypesUri string + // UnmarshalJSON implements json.Unmarshaler. func (j *SpecDistributionCommonProvider) UnmarshalJSON(b []byte) error { var raw map[string]interface{} @@ -4332,22 +4451,8 @@ func (j *SpecDistributionCommonProvider) UnmarshalJSON(b []byte) error { return nil } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesTracing) UnmarshalJSON(b []byte) error { - var raw map[string]interface{} - if err := json.Unmarshal(b, &raw); err != nil { - return err - } - if v, ok := raw["type"]; !ok || v == nil { - return fmt.Errorf("field type in SpecDistributionModulesTracing: required") - } - type Plain SpecDistributionModulesTracing - var plain Plain - if err := json.Unmarshal(b, &plain); err != nil { - return err - } - *j = SpecDistributionModulesTracing(plain) - return nil +var enumValues_EksclusterKfdV1Alpha2Kind = []interface{}{ + "EKSCluster", } // UnmarshalJSON implements json.Unmarshaler. 
@@ -4370,25 +4475,7 @@ func (j *EksclusterKfdV1Alpha2Kind) UnmarshalJSON(b []byte) error { return nil } -// UnmarshalJSON implements json.Unmarshaler. -func (j *SpecDistributionModulesTracingTempoBackend) UnmarshalJSON(b []byte) error { - var v string - if err := json.Unmarshal(b, &v); err != nil { - return err - } - var ok bool - for _, expected := range enumValues_SpecDistributionModulesTracingTempoBackend { - if reflect.DeepEqual(v, expected) { - ok = true - break - } - } - if !ok { - return fmt.Errorf("invalid value (expected one of %#v): %#v", enumValues_SpecDistributionModulesTracingTempoBackend, v) - } - *j = SpecDistributionModulesTracingTempoBackend(v) - return nil -} +type TypesKubeNodeSelector map[string]string // UnmarshalJSON implements json.Unmarshaler. func (j *Metadata) UnmarshalJSON(b []byte) error { diff --git a/schemas/private/ekscluster-kfd-v1alpha2.json b/schemas/private/ekscluster-kfd-v1alpha2.json index e49e1414..46264a5d 100644 --- a/schemas/private/ekscluster-kfd-v1alpha2.json +++ b/schemas/private/ekscluster-kfd-v1alpha2.json @@ -532,6 +532,9 @@ "minItems": 0, "description": "Optional list of Kubernetes Cluster log types to enable. Defaults to all types." }, + "nodePoolsCommon": { + "$ref": "#/$defs/Spec.Kubernetes.NodePoolsCommon" + }, "nodePools": { "type": "array", "items": { 
@@ -584,6 +587,33 @@
 "publicAccess"
 ]
 },
+ "Spec.Kubernetes.NodePoolsCommon": {
+ "type": "object",
+ "additionalProperties": false,
+ "description": "Additional properties in common for all self-managed node pools. Currently only IMDS properties are supported.",
+ "properties": {
+ "metadataHttpEndpoint": {
+ "description": "Specifies whether the instance metadata service (IMDS) is enabled or disabled. When set to 'disabled', instance metadata is not accessible.",
+ "type": "string",
+ "enum": [
+ "enabled",
+ "disabled"
+ ]
+ },
+ "metadataHttpTokens": {
+ "description": "Defines whether the use of IMDS session tokens is required. When set to 'required', all metadata requests must include a valid session token.",
+ "type": "string",
+ "enum": [
+ "optional",
+ "required"
+ ]
+ },
+ "metadataHttpPutResponseHopLimit": {
+ "description": "Specifies the maximum number of network hops allowed for instance metadata PUT response packets. This helps control access to instance metadata across different network layers.",
+ "type": "integer"
+ }
+ }
+ },
 "Spec.Kubernetes.NodePool": {
 "type": "object",
 "additionalProperties": false,
diff --git a/schemas/public/ekscluster-kfd-v1alpha2.json b/schemas/public/ekscluster-kfd-v1alpha2.json
index 8f726846..f56c15e2 100644
--- a/schemas/public/ekscluster-kfd-v1alpha2.json
+++ b/schemas/public/ekscluster-kfd-v1alpha2.json
@@ -532,6 +532,9 @@
 "minItems": 0,
 "description": "Optional list of Kubernetes Cluster log types to enable. Defaults to all types."
 },
+ "nodePoolsCommon": {
+ "$ref": "#/$defs/Spec.Kubernetes.NodePoolsCommon"
+ },
 "nodePools": {
 "type": "array",
 "items": {
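Review bot: `metadataHttpPutResponseHopLimit` in `Spec.Kubernetes.NodePoolsCommon` is declared as a bare `"type": "integer"`, so 0, negative or very large values pass schema validation and presumably fail only when Terraform applies them. EC2 accepts 1 to 64 for this setting, so adding `"minimum": 1, "maximum": 64` next to the type would reject bad input up front. The description could also state the practical effect: with a limit of 1 the token response does not travel past the instance itself, while higher values let workloads one or more hops away, such as pods on a bridged network, obtain IMDS session tokens. The same applies to the identical hunk in `schemas/public/ekscluster-kfd-v1alpha2.json`.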
@@ -584,6 +587,33 @@
 "publicAccess"
 ]
 },
+ "Spec.Kubernetes.NodePoolsCommon": {
+ "type": "object",
+ "additionalProperties": false,
+ "description": "Additional properties in common for all self-managed node pools. Currently only IMDS properties are supported.",
+ "properties": {
+ "metadataHttpEndpoint": {
+ "description": "Specifies whether the instance metadata service (IMDS) is enabled or disabled. When set to 'disabled', instance metadata is not accessible.",
+ "type": "string",
+ "enum": [
+ "enabled",
+ "disabled"
+ ]
+ },
+ "metadataHttpTokens": {
+ "description": "Defines whether the use of IMDS session tokens is required. When set to 'required', all metadata requests must include a valid session token.",
+ "type": "string",
+ "enum": [
+ "optional",
+ "required"
+ ]
+ },
+ "metadataHttpPutResponseHopLimit": {
+ "description": "Specifies the maximum number of network hops allowed for instance metadata PUT response packets. This helps control access to instance metadata across different network layers.",
+ "type": "integer"
+ }
+ }
+ },
 "Spec.Kubernetes.NodePool": {
 "type": "object",
 "additionalProperties": false,
diff --git a/templates/kubernetes/ekscluster/terraform/main.auto.tfvars.tpl b/templates/kubernetes/ekscluster/terraform/main.auto.tfvars.tpl
index c03abb66..5a30eb23 100644
--- a/templates/kubernetes/ekscluster/terraform/main.auto.tfvars.tpl
+++ b/templates/kubernetes/ekscluster/terraform/main.auto.tfvars.tpl
@@ -87,6 +87,20 @@ cluster_iam_role_name_prefix_override = {{ .spec.kubernetes.clusterIAMRoleNamePr workers_iam_role_name_prefix_override = {{ .spec.kubernetes.workersIAMRoleNamePrefixOverride | quote }} {{- end }} +{{- if hasKeyAny .spec.kubernetes "nodePoolsCommon" }} +workers_group_defaults = { + {{- if hasKeyAny .spec.kubernetes.nodePoolsCommon "metadataHttpEndpoint" }} + metadata_http_endpoint = {{ .spec.kubernetes.nodePoolsCommon.metadataHttpEndpoint | quote }} + {{- end}} + {{- if hasKeyAny .spec.kubernetes.nodePoolsCommon "metadataHttpTokens" }} + metadata_http_tokens = {{ .spec.kubernetes.nodePoolsCommon.metadataHttpTokens | quote }} + {{- end}} + {{- if hasKeyAny .spec.kubernetes.nodePoolsCommon "metadataHttpPutResponseHopLimit" }} + metadata_http_put_response_hop_limit = {{ .spec.kubernetes.nodePoolsCommon.metadataHttpPutResponseHopLimit }} + {{- end}} +} +{{- end }} + {{- if gt (len .spec.kubernetes.nodePools) 0 }} {{- $nodePools := list }} diff --git a/templates/kubernetes/ekscluster/terraform/main.tf.tpl b/templates/kubernetes/ekscluster/terraform/main.tf.tpl index 615ca5b5..489e702c 100644 --- a/templates/kubernetes/ekscluster/terraform/main.tf.tpl +++ b/templates/kubernetes/ekscluster/terraform/main.tf.tpl @@ -66,6 +66,7 @@ module "fury" { tags = var.tags cluster_iam_role_name = var.cluster_iam_role_name_prefix_override workers_role_name = var.workers_iam_role_name_prefix_override + workers_group_defaults = var.workers_group_defaults # AWS-specific variables. # Enables managing auth using these variables diff --git a/templates/kubernetes/ekscluster/terraform/variables.tf b/templates/kubernetes/ekscluster/terraform/variables.tf index 993e88ef..4288f779 100644 --- a/templates/kubernetes/ekscluster/terraform/variables.tf +++ b/templates/kubernetes/ekscluster/terraform/variables.tf 
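Review bot: The `workers_group_defaults` block in `main.auto.tfvars.tpl` is written whenever `nodePoolsCommon` exists and contains only the keys the user set, so it replaces the variable's default object as a whole instead of overriding single fields. A configuration that sets just `metadataHttpEndpoint` therefore produces an object with no `metadata_http_tokens`, and the value then in effect depends on how the installer module fills missing keys, which is not visible in this diff. Either emit all three keys with explicit fallbacks, or add a comment above the block such as `# Replaces var.workers_group_defaults entirely; keys not set here fall back to the installer module's defaults.` The closing tags inside the block are written `{{- end}}` while the rest of the hunk uses `{{- end }}`.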
@@ -230,4 +230,14 @@ variable "node_pools_global_ami_type" {
 condition = contains(["alinux2", "alinux2023"], var.node_pools_global_ami_type)
 error_message = "The global AMI type must be either 'alinux2' or 'alinux2023'."
 }
-}
\ No newline at end of file
+}
+
+variable "workers_group_defaults" {
+ type = any
+
+ default = {
+ metadata_http_endpoint = "enabled"
+ metadata_http_tokens = "optional"
+ metadata_http_put_response_hop_limit = null
+ }
+}
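Review bot: The default for `workers_group_defaults` keeps `metadata_http_tokens = "optional"`, which leaves IMDSv1 requests without a session token allowed on self-managed nodes unless the user sets `metadataHttpTokens` under `nodePoolsCommon`. If compatibility with existing clusters allows it, `metadata_http_tokens = "required"` would be the safer default; otherwise the variable deserves a `description` saying why token use stays optional. The variable is also `type = any` with no `validation` block, unlike `node_pools_global_ami_type` just above it, so a misspelled key or an unsupported value is not caught at this layer.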