{ "description": "PulsarConnection is the Schema for the pulsarconnections API\nIt represents a connection to a Pulsar cluster and includes both the desired state (Spec)\nand the observed state (Status) of the connection.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "PulsarConnectionSpec defines the desired state of PulsarConnection\nIt specifies the configuration for connecting to a Pulsar cluster.\n\n\nFor plaintext (non-TLS) Pulsar clusters:\n- Set AdminServiceURL to \"http://:\"\n- Set BrokerServiceURL to \"pulsar://:\"\n\n\nFor TLS-enabled Pulsar clusters:\n- Set AdminServiceSecureURL to \"https://:\"\n- Set BrokerServiceSecureURL to \"pulsar+ssl://:\"\n- Optionally set BrokerClientTrustCertsFilePath if using custom CA certificates", "properties": { "adminServiceSecureURL": { "description": "AdminServiceSecureURL is the HTTPS URL for secure connections to the Pulsar admin service.\nUse this for encrypted administrative operations.", "pattern": "^https://.+$", "type": "string" }, "adminServiceURL": { "description": "AdminServiceURL is the HTTP(S) URL for the Pulsar cluster's admin service.\nThis URL is used for administrative operations.", "pattern": "^https?://.+$", "type": "string" }, "authentication": { "description": "Authentication defines the authentication configuration for connecting to the Pulsar cluster.\nIt supports both token-based and OAuth2-based authentication methods.", "properties": { "oauth2": { "description": "OAuth2 specifies the configuration for OAuth2-based authentication.\nThis includes all necessary parameters for setting up OAuth2 authentication with Pulsar.\nFor detailed information on the OAuth2 fields, refer to the PulsarAuthenticationOAuth2 struct.", "properties": { "audience": { "description": "Audience is the intended recipient of the token. In Pulsar's context, this is usually\nthe URL of your Pulsar cluster or a specific identifier for your Pulsar service.", "type": "string" }, "clientID": { "description": "ClientID is the OAuth2 client identifier issued to the client during the registration process.", "type": "string" }, "issuerEndpoint": { "description": "IssuerEndpoint is the URL of the OAuth2 authorization server.\nThis is typically the base URL of your identity provider's OAuth2 service.", "type": "string" }, "key": { "description": "Key is either the client secret or the path to a JSON credentials file.\nFor confidential clients, this would be the client secret.\nFor public clients using JWT authentication, this would be the path to the JSON credentials file.", "properties": { "secretRef": { "description": "SecretKeyRef indicates a secret name and key", "properties": { "key": { "type": "string" }, "name": { "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "value": { "type": "string" } }, "type": "object", "additionalProperties": false }, "scope": { "description": "Scope is an optional field to request specific permissions from the OAuth2 server.\nIf not specified, the default scope defined by the OAuth2 server will be used.", "type": "string" } }, "required": [ "audience", "clientID", "issuerEndpoint", "key" ], "type": "object", "additionalProperties": false }, "token": { "description": "Token specifies the configuration for token-based authentication.\nThis can be either a direct token value or a reference to a secret containing the token.\nIf using a secret, the token should be stored under the specified key in the secret.", "properties": { "secretRef": { "description": "SecretKeyRef indicates a secret name and key", "properties": { "key": { "type": "string" }, "name": { "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "value": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "brokerClientTrustCertsFilePath": { "description": "BrokerClientTrustCertsFilePath is the file path to the trusted TLS certificate\nfor outgoing connections to Pulsar brokers. This is used for TLS verification.", "type": "string" }, "brokerServiceSecureURL": { "description": "BrokerServiceSecureURL is the TLS-enabled URL for secure connections to Pulsar brokers.\nUse this for encrypted communications with the Pulsar cluster.", "pattern": "^pulsar\\+ssl://.+$", "type": "string" }, "brokerServiceURL": { "description": "BrokerServiceURL is the non-TLS URL for connecting to Pulsar brokers.\nUse this for non-secure connections to the Pulsar cluster.", "pattern": "^pulsar?://.+$", "type": "string" }, "clusterName": { "description": "ClusterName specifies the name of the local Pulsar cluster.\nWhen setting up Geo-Replication between Pulsar instances, this should be enabled to identify the cluster.", "type": "string" } }, "type": "object", "additionalProperties": false }, "status": { "description": "PulsarConnectionStatus defines the observed state of PulsarConnection.\nIt provides information about the current status of the Pulsar connection.", "properties": { "conditions": { "description": "Conditions represent the latest available observations of the connection's current state.\nIt follows the Kubernetes conventions for condition types and status.\nThe \"Ready\" condition type is typically used to indicate the overall status.", "items": { "description": "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}", "properties": { "lastTransitionTime": { "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "maxLength": 32768, "type": "string" }, "observedGeneration": { "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "minimum": 0, "type": "integer" }, "reason": { "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { "description": "status of the condition, one of True, False, Unknown.", "enum": [ "True", "False", "Unknown" ], "type": "string" }, "type": { "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ "lastTransitionTime", "message", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "observedGeneration": { "description": "ObservedGeneration is the most recent generation observed for this resource.\nIt corresponds to the metadata generation, which is updated on mutation by the API Server.\nThis field is used to track whether the controller has processed the latest changes.", "format": "int64", "type": "integer" }, "secretKeyHash": { "description": "SecretKeyHash is the hash of the secret reference used for authentication.\nThis is used to detect changes in the secret without exposing sensitive information.\nThe controller should update this hash when the secret changes.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object" }