Add single CRDs files

.github/workflows/ci.yml

@@ -53,7 +53,7 @@ jobs:
  run: go mod tidy && git diff --exit-code -- go.mod go.sum
 
  - name: Check if CRDs changed
- run: make update-crds && git diff --name-only --exit-code deployments/common/crds*
+ run: make update-crds && git diff --name-only --exit-code config/crd/bases
 
  - name: Check if Codegen changed
  run: |

Makefile

@@ -63,7 +63,10 @@ update-codegen: ## Generate code
 
 .PHONY: update-crds
 update-crds: ## Update CRDs
- go run sigs.k8s.io/controller-tools/cmd/controller-gen crd:crdVersions=v1 schemapatch:manifests=./deployments/common/crds/ paths=./pkg/apis/... output:dir=./deployments/common/crds
+ go run sigs.k8s.io/controller-tools/cmd/controller-gen crd paths=./pkg/apis/... output:crd:artifacts:config=config/crd/bases
+ kustomize build config/crd >deploy/crds.yaml
+ kustomize build config/crd/app-protect-dos --load-restrictor='LoadRestrictionsNone' >deploy/crds-nap-dos.yaml
+ kustomize build config/crd/app-protect-waf --load-restrictor='LoadRestrictionsNone' >deploy/crds-nap-waf.yaml
 
 .PHONY: certificate-and-key
 certificate-and-key: ## Create default cert and key

charts/nginx-ingress/crds

@@ -1 +1 @@
-../../deployments/common/crds/
+../../config/crd/bases/

config/crd/app-protect-dos/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../bases/appprotectdos.f5.com_apdoslogconfs.yaml
+- ../bases/appprotectdos.f5.com_apdospolicy.yaml
+- ../bases/appprotectdos.f5.com_dosprotectedresources.yaml

config/crd/app-protect-waf/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../bases/appprotect.f5.com_aplogconfs.yaml
+- ../bases/appprotect.f5.com_appolicies.yaml
+- ../bases/appprotect.f5.com_apusersigs.yaml

config/crd/bases/appprotectdos.f5.com_dosprotectedresources.yaml

@@ -0,0 +1,98 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.13.0
+ name: dosprotectedresources.appprotectdos.f5.com
+spec:
+ group: appprotectdos.f5.com
+ names:
+ kind: DosProtectedResource
+ listKind: DosProtectedResourceList
+ plural: dosprotectedresources
+ shortNames:
+ - pr
+ singular: dosprotectedresource
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: DosProtectedResource defines a Dos protected resource.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: DosProtectedResourceSpec defines the properties and values
+ a DosProtectedResource can have.
+ properties:
+ apDosMonitor:
+ description: 'ApDosMonitor is how NGINX App Protect DoS monitors the
+ stress level of the protected object. The monitor requests are sent
+ from localhost (127.0.0.1). Default value: URI - None, protocol
+ - http1, timeout - NGINX App Protect DoS default.'
+ properties:
+ protocol:
+ description: Protocol determines if the server listens on http1
+ / http2 / grpc / websocket. The default is http1.
+ enum:
+ - http1
+ - http2
+ - grpc
+ - websocket
+ type: string
+ timeout:
+ description: Timeout determines how long (in seconds) should NGINX
+ App Protect DoS wait for a response. Default is 10 seconds for
+ http1/http2 and 5 seconds for grpc.
+ format: int64
+ type: integer
+ uri:
+ description: 'URI is the destination to the desired protected
+ object in the nginx.conf:'
+ type: string
+ type: object
+ apDosPolicy:
+ description: ApDosPolicy is the namespace/name of a ApDosPolicy resource
+ type: string
+ dosAccessLogDest:
+ description: DosAccessLogDest is the network address for the access
+ logs
+ type: string
+ dosSecurityLog:
+ description: DosSecurityLog defines the security log of the DosProtectedResource.
+ properties:
+ apDosLogConf:
+ description: ApDosLogConf is the namespace/name of a APDosLogConf
+ resource
+ type: string
+ dosLogDest:
+ description: DosLogDest is the network address of a logging service,
+ can be either IP or DNS name.
+ type: string
+ enable:
+ description: Enable enables the security logging feature if set
+ to true
+ type: boolean
+ type: object
+ enable:
+ description: Enable enables the DOS feature if set to true
+ type: boolean
+ name:
+ description: Name is the name of protected object, max of 63 characters.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true

config/crd/bases/externaldns.nginx.org_dnsendpoints.yaml

@@ -0,0 +1,92 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.13.0
+ name: dnsendpoints.externaldns.nginx.org
+spec:
+ group: externaldns.nginx.org
+ names:
+ kind: DNSEndpoint
+ listKind: DNSEndpointList
+ plural: dnsendpoints
+ singular: dnsendpoint
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: DNSEndpoint is the CRD wrapper for Endpoint
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: DNSEndpointSpec holds information about endpoints.
+ properties:
+ endpoints:
+ items:
+ description: Endpoint describes DNS Endpoint.
+ properties:
+ dnsName:
+ description: The hostname for the DNS record
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels stores labels defined for the Endpoint
+ type: object
+ providerSpecific:
+ description: ProviderSpecific stores provider specific config
+ items:
+ description: ProviderSpecificProperty represents provider
+ specific config property.
+ properties:
+ name:
+ description: Name of the property
+ type: string
+ value:
+ description: Value of the property
+ type: string
+ type: object
+ type: array
+ recordTTL:
+ description: TTL for the record
+ format: int64
+ type: integer
+ recordType:
+ description: RecordType type of record, e.g. CNAME, A, SRV,
+ TXT, MX
+ type: string
+ targets:
+ description: The targets the DNS service points to
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ type: object
+ status:
+ description: DNSEndpointStatus represents generation observed by the external
+ dns controller.
+ properties:
+ observedGeneration:
+ description: The generation observed by by the external-dns controller.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}

config/crd/bases/k8s.nginx.org_globalconfigurations.yaml

@@ -0,0 +1,57 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.13.0
+ name: globalconfigurations.k8s.nginx.org
+spec:
+ group: k8s.nginx.org
+ names:
+ kind: GlobalConfiguration
+ listKind: GlobalConfigurationList
+ plural: globalconfigurations
+ shortNames:
+ - gc
+ singular: globalconfiguration
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: GlobalConfiguration defines the GlobalConfiguration resource.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: GlobalConfigurationSpec is the spec of the GlobalConfiguration
+ resource.
+ properties:
+ listeners:
+ items:
+ description: Listener defines a listener.
+ properties:
+ name:
+ type: string
+ port:
+ type: integer
+ protocol:
+ type: string
+ ssl:
+ type: boolean
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true