apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.18.0 creationTimestamp: "2026-04-02T13:56:57Z" generation: 1 name: designates.designate.openstack.org resourceVersion: "36982" uid: 1fc943e9-7300-4d73-b71e-fe8a1d5163f7 spec: conversion: strategy: None group: designate.openstack.org names: kind: Designate listKind: DesignateList plural: designates singular: designate scope: Namespaced versions: - additionalPrinterColumns: - description: Status jsonPath: .status.conditions[0].status name: Status type: string - description: Message jsonPath: .status.conditions[0].message name: Message type: string name: v1beta1 schema: openAPIV3Schema: description: Designate is the Schema for the designates API properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: DesignateAPISpec defines the desired state of DesignateAPI properties: apiTimeout: default: 120 description: Designate API timeout type: integer backendMdnsServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] type: string backendType: description: |- BackendType - Defines the backend service/configuration we are using, i.e. bind9, unhbound, PowerDNS, BYO, etc.. Helps maintain a single init container/init.sh to do container setup type: string backendWorkerServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] type: string customServiceConfig: default: '# add your customization here' description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as custom.conf file. type: string databaseAccount: default: designate description: DatabaseAccount - name of MariaDBAccount which will be used to connect. type: string databaseInstance: description: |- MariaDB instance name Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object designateAPI: description: DesignateAPI - Spec definition for the API service of this Designate deployment properties: apiTimeout: description: APITimeout for HAProxy and Apache defaults to DesignateSpecCore APITimeout (seconds) type: integer auth: description: Auth - Parameters related to authentication properties: applicationCredentialSecret: description: ApplicationCredentialSecret - Secret containing Application Credential ID and Secret type: string type: object backendMdnsServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] type: string backendType: description: |- BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. Helps maintain a single init container/init.sh to do container setup type: string backendWorkerServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] type: string containerImage: description: ContainerImage - Designate Container Image URL (will be set to environmental default if empty) type: string customServiceConfig: description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as a custom config file. type: string customServiceConfigSecrets: description: |- CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets that contain sensitive service config data. The content of each Secret gets added to the /etc//.conf.d directory as a custom config file. items: type: string type: array databaseAccount: default: designate description: DatabaseAccount - name of MariaDBAccount which will be used to connect. type: string databaseHostname: description: DatabaseHostname - Designate Database Hostname type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object networkAttachments: description: NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network items: type: string type: array nodeSelector: additionalProperties: type: string description: |- NodeSelector to target subset of worker nodes running this service. Setting here overrides any global NodeSelector settings within the Designate CR. type: object override: description: Override, provides the ability to override the generated manifest of several child resources. properties: service: additionalProperties: description: |- RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. properties: endpointURL: type: string metadata: description: |- EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. Only labels and annotations are included. properties: annotations: additionalProperties: type: string description: |- Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ type: object labels: additionalProperties: type: string description: |- Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object type: object spec: description: |- OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy properties: externalName: description: |- externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: description: |- externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string internalTrafficPolicy: description: |- InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilyPolicy: description: |- IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: description: |- loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerSourceRanges: description: |- If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array x-kubernetes-list-type: atomic sessionAffinity: description: |- Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations of session affinity. properties: clientIP: description: clientIP contains the configurations of Client IP based session affinity. properties: timeoutSeconds: description: |- timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: description: |- type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object description: |- Override configuration for the Service created to serve traffic to the cluster. The key must be the endpoint type (public, internal) type: object type: object passwordSelectors: default: service: DesignatePassword description: PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret properties: service: default: DesignatePassword description: Service - Selector to get the designate service password from the Secret type: string type: object replicas: default: 1 description: Replicas - Designate API Replicas format: int32 maximum: 32 minimum: 0 type: integer resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object secret: description: Secret containing OpenStack password information for DesignatePassword type: string serviceAccount: description: ServiceAccount - service account name used internally to provide Designate services the default SA name type: string serviceUser: default: designate description: ServiceUser - optional username used for this service to register in designate type: string tls: description: TLS - Parameters related to the TLS properties: api: description: API tls type which encapsulates for API services properties: internal: description: Internal GenericService - holds the secret for the internal endpoint properties: secretName: description: SecretName - holding the cert, key for the service type: string type: object public: description: Public GenericService - holds the secret for the public endpoint properties: secretName: description: SecretName - holding the cert, key for the service type: string type: object type: object caBundleSecretName: description: CaBundleSecretName - holding the CA certs in a pre-created bundle file type: string type: object topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string required: - containerImage type: object designateBackendbind9: description: DesignateBackendbind9 - Spec definition for the Backendbind9 service of this Designate deployment properties: backendMdnsServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] type: string backendType: description: |- BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. Helps maintain a single init container/init.sh to do container setup type: string backendWorkerServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] type: string containerImage: description: ContainerImage - Designate Container Image URL (will be set to environmental default if empty) type: string controlNetworkName: default: designate description: ControlNetworkName - specify which network attachment is to be used for control, notifys and zone transfers. type: string customBindOptions: description: CustomBindOptions - custom bind9 options items: type: string type: array customServiceConfig: description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as a custom config file. type: string customServiceConfigSecrets: description: |- CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets that contain sensitive service config data. The content of each Secret gets added to the /etc//.conf.d directory as a custom config file. items: type: string type: array databaseAccount: default: designate description: DatabaseAccount - name of MariaDBAccount which will be used to connect. type: string databaseHostname: description: DatabaseHostname - Designate Database Hostname type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object netUtilsImage: description: NetUtilsImage - NetUtils container image type: string networkAttachments: description: NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network items: type: string type: array nodeSelector: additionalProperties: type: string description: |- NodeSelector to target subset of worker nodes running this service. Setting here overrides any global NodeSelector settings within the Designate CR. type: object override: description: |- Allows services to be configured for accessing each designate bind pod. For best results, there should be an override for each replica. properties: services: items: description: |- OverrideSpec - service override configuration for the Service created to serve traffic to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. properties: metadata: description: |- EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. Only labels and annotations are included. properties: annotations: additionalProperties: type: string description: |- Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ type: object labels: additionalProperties: type: string description: |- Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object type: object spec: description: |- OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy properties: externalName: description: |- externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: description: |- externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string internalTrafficPolicy: description: |- InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilyPolicy: description: |- IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: description: |- loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerSourceRanges: description: |- If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array x-kubernetes-list-type: atomic sessionAffinity: description: |- Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations of session affinity. properties: clientIP: description: clientIP contains the configurations of Client IP based session affinity. properties: timeoutSeconds: description: |- timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: description: |- type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object type: array x-kubernetes-list-type: atomic type: object passwordSelectors: default: service: DesignatePassword description: PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret properties: service: default: DesignatePassword description: Service - Selector to get the designate service password from the Secret type: string type: object replicas: default: 1 description: Replicas - Designate Backendbind9 Replicas format: int32 maximum: 32 minimum: 0 type: integer resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object secret: description: Secret containing OpenStack password information for DesignatePassword type: string serviceAccount: description: ServiceAccount - service account name used internally to provide Designate services the default SA name type: string serviceUser: default: designate description: ServiceUser - optional username used for this service to register in designate type: string storageClass: description: StorageClass type: string storageRequest: description: StorageRequest type: string topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string required: - containerImage type: object designateCentral: description: DesignateCentral - Spec definition for the Central service of this Designate deployment properties: backendMdnsServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] type: string backendType: description: |- BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. Helps maintain a single init container/init.sh to do container setup type: string backendWorkerServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] type: string containerImage: description: ContainerImage - Designate Container Image URL (will be set to environmental default if empty) type: string customServiceConfig: description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as a custom config file. type: string customServiceConfigSecrets: description: |- CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets that contain sensitive service config data. The content of each Secret gets added to the /etc//.conf.d directory as a custom config file. items: type: string type: array databaseAccount: default: designate description: DatabaseAccount - name of MariaDBAccount which will be used to connect. type: string databaseHostname: description: DatabaseHostname - Designate Database Hostname type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object networkAttachments: description: NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network items: type: string type: array nodeSelector: additionalProperties: type: string description: |- NodeSelector to target subset of worker nodes running this service. Setting here overrides any global NodeSelector settings within the Designate CR. type: object passwordSelectors: default: service: DesignatePassword description: PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret properties: service: default: DesignatePassword description: Service - Selector to get the designate service password from the Secret type: string type: object redisHostIPs: description: List of Redis Host IP addresses items: type: string type: array x-kubernetes-list-type: atomic replicas: default: 1 description: Replicas - Designate Central Replicas format: int32 maximum: 32 minimum: 0 type: integer resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object secret: description: Secret containing OpenStack password information for DesignatePassword type: string serviceAccount: description: ServiceAccount - service account name used internally to provide Designate services the default SA name type: string serviceUser: default: designate description: ServiceUser - optional username used for this service to register in designate type: string tls: description: TLS - Parameters related to the TLS properties: caBundleSecretName: description: CaBundleSecretName - holding the CA certs in a pre-created bundle file type: string type: object topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string required: - containerImage type: object designateMdns: description: DesignateMdns - Spec definition for the Mdns service of this Designate deployment properties: backendMdnsServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] type: string backendType: description: |- BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. Helps maintain a single init container/init.sh to do container setup type: string backendWorkerServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] type: string containerImage: description: ContainerImage - Designate Container Image URL (will be set to environmental default if empty) type: string controlNetworkName: default: designate description: ControlNetworkName - specify which network attachment is to be used for control, notifys and zone transfers. type: string customServiceConfig: description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as a custom config file. type: string customServiceConfigSecrets: description: |- CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets that contain sensitive service config data. The content of each Secret gets added to the /etc//.conf.d directory as a custom config file. items: type: string type: array databaseAccount: default: designate description: DatabaseAccount - name of MariaDBAccount which will be used to connect. type: string databaseHostname: description: DatabaseHostname - Designate Database Hostname type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object netUtilsImage: description: NetUtilsImage - NetUtils container image type: string networkAttachments: description: NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network items: type: string type: array nodeSelector: additionalProperties: type: string description: |- NodeSelector to target subset of worker nodes running this service. Setting here overrides any global NodeSelector settings within the Designate CR. type: object override: description: |- Allows services to be configured for accessing each mdns pod. For best results, there should be an override for each replica. properties: services: items: description: |- OverrideSpec - service override configuration for the Service created to serve traffic to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. properties: metadata: description: |- EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. Only labels and annotations are included. properties: annotations: additionalProperties: type: string description: |- Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ type: object labels: additionalProperties: type: string description: |- Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object type: object spec: description: |- OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy properties: externalName: description: |- externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: description: |- externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string internalTrafficPolicy: description: |- InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilyPolicy: description: |- IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: description: |- loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerSourceRanges: description: |- If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array x-kubernetes-list-type: atomic sessionAffinity: description: |- Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations of session affinity. properties: clientIP: description: clientIP contains the configurations of Client IP based session affinity. properties: timeoutSeconds: description: |- timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: description: |- type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object type: array x-kubernetes-list-type: atomic type: object passwordSelectors: default: service: DesignatePassword description: PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret properties: service: default: DesignatePassword description: Service - Selector to get the designate service password from the Secret type: string type: object replicas: default: 1 description: Replicas - Designate Mdns Replicas format: int32 maximum: 32 minimum: 0 type: integer resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object secret: description: Secret containing OpenStack password information for DesignatePassword type: string serviceAccount: description: ServiceAccount - service account name used internally to provide Designate services the default SA name type: string serviceUser: default: designate description: ServiceUser - optional username used for this service to register in designate type: string tls: description: TLS - Parameters related to the TLS properties: caBundleSecretName: description: CaBundleSecretName - holding the CA certs in a pre-created bundle file type: string type: object topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string required: - containerImage type: object designateNetworkAttachment: default: designate description: DesignateNetworkAttachment is a NetworkAttachment resource name for the Designate Control Network type: string designateProducer: description: DesignateProducer - Spec definition for the Producer service of this Designate deployment properties: backendMdnsServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] type: string backendType: description: |- BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. Helps maintain a single init container/init.sh to do container setup type: string backendWorkerServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] type: string containerImage: description: ContainerImage - Designate Container Image URL (will be set to environmental default if empty) type: string customServiceConfig: description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as a custom config file. type: string customServiceConfigSecrets: description: |- CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets that contain sensitive service config data. The content of each Secret gets added to the /etc//.conf.d directory as a custom config file. items: type: string type: array databaseAccount: default: designate description: DatabaseAccount - name of MariaDBAccount which will be used to connect. type: string databaseHostname: description: DatabaseHostname - Designate Database Hostname type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object networkAttachments: description: NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network items: type: string type: array nodeSelector: additionalProperties: type: string description: |- NodeSelector to target subset of worker nodes running this service. Setting here overrides any global NodeSelector settings within the Designate CR. type: object passwordSelectors: default: service: DesignatePassword description: PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret properties: service: default: DesignatePassword description: Service - Selector to get the designate service password from the Secret type: string type: object redisHostIPs: description: List of Redis Host IP addresses items: type: string type: array x-kubernetes-list-type: atomic replicas: default: 1 description: Replicas - Designate Producer Replicas format: int32 maximum: 32 minimum: 0 type: integer resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object secret: description: Secret containing OpenStack password information for DesignatePassword type: string serviceAccount: description: ServiceAccount - service account name used internally to provide Designate services the default SA name type: string serviceUser: default: designate description: ServiceUser - optional username used for this service to register in designate type: string tls: description: TLS - Parameters related to the TLS properties: caBundleSecretName: description: CaBundleSecretName - holding the CA certs in a pre-created bundle file type: string type: object topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string required: - containerImage type: object designateUnbound: description: DesignateUnbound - Spec definition for the Unbound Resolver service of this Designate deployment properties: containerImage: description: ContainerImage - Designate Container Image URL (will be set to environmental default if empty) type: string customServiceConfig: description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as a custom config file. type: string customServiceConfigSecrets: description: |- CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets that contain sensitive service config data. The content of each Secret gets added to the /etc//.conf.d directory as a custom config file. items: type: string type: array defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object networkAttachments: description: NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network items: type: string type: array nodeSelector: additionalProperties: type: string description: |- NodeSelector to target subset of worker nodes running this service. Setting here overrides any global NodeSelector settings within the Designate CR. type: object override: description: |- Allows services to be configured for accessing each Unbound pod. For best results, there should be an override for each replica. properties: services: items: description: |- OverrideSpec - service override configuration for the Service created to serve traffic to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. properties: metadata: description: |- EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. Only labels and annotations are included. properties: annotations: additionalProperties: type: string description: |- Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ type: object labels: additionalProperties: type: string description: |- Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object type: object spec: description: |- OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy properties: externalName: description: |- externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: description: |- externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string internalTrafficPolicy: description: |- InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilyPolicy: description: |- IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: description: |- loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerSourceRanges: description: |- If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array x-kubernetes-list-type: atomic sessionAffinity: description: |- Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations of session affinity. properties: clientIP: description: clientIP contains the configurations of Client IP based session affinity. properties: timeoutSeconds: description: |- timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: description: |- type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object type: array x-kubernetes-list-type: atomic type: object replicas: default: 1 description: Replicas - Designate Unbound Replicas format: int32 maximum: 32 minimum: 0 type: integer resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object serviceAccount: description: ServiceAccount - service account name used internally to provide Designate services the default SA name type: string stubZones: description: Allows configuring stub zone entries in the managed Unbound servers for the managed nameservers. items: properties: name: type: string options: additionalProperties: type: string type: object required: - name type: object type: array x-kubernetes-list-type: atomic topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object required: - containerImage type: object designateWorker: description: DesignateWorker - Spec definition for the Worker service of this Designate deployment properties: backendMdnsServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] type: string backendType: description: |- BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. Helps maintain a single init container/init.sh to do container setup type: string backendWorkerServerProtocol: description: |- BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] type: string containerImage: description: ContainerImage - Designate Container Image URL (will be set to environmental default if empty) type: string customServiceConfig: description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as a custom config file. type: string customServiceConfigSecrets: description: |- CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets that contain sensitive service config data. The content of each Secret gets added to the /etc//.conf.d directory as a custom config file. items: type: string type: array databaseAccount: default: designate description: DatabaseAccount - name of MariaDBAccount which will be used to connect. type: string databaseHostname: description: DatabaseHostname - Designate Database Hostname type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object networkAttachments: description: NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network items: type: string type: array nodeSelector: additionalProperties: type: string description: |- NodeSelector to target subset of worker nodes running this service. Setting here overrides any global NodeSelector settings within the Designate CR. type: object passwordSelectors: default: service: DesignatePassword description: PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret properties: service: default: DesignatePassword description: Service - Selector to get the designate service password from the Secret type: string type: object replicas: default: 1 description: Replicas - Designate Worker Replicas format: int32 maximum: 32 minimum: 0 type: integer resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object secret: description: Secret containing OpenStack password information for DesignatePassword type: string serviceAccount: description: ServiceAccount - service account name used internally to provide Designate services the default SA name type: string serviceUser: default: designate description: ServiceUser - optional username used for this service to register in designate type: string tls: description: TLS - Parameters related to the TLS properties: caBundleSecretName: description: CaBundleSecretName - holding the CA certs in a pre-created bundle file type: string type: object topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string required: - containerImage type: object messagingBus: description: MessagingBus configuration (cluster, username, and vhost) properties: cluster: description: Name of the cluster minLength: 1 type: string user: description: User - RabbitMQ username type: string vhost: description: Vhost - RabbitMQ vhost name type: string required: - cluster type: object nodeSelector: additionalProperties: type: string description: NodeSelector to target subset of worker nodes running this service type: object notificationsBus: description: NotificationsBus configuration (cluster, username, and vhost) for notifications properties: cluster: description: Name of the cluster minLength: 1 type: string user: description: User - RabbitMQ username type: string vhost: description: Vhost - RabbitMQ vhost name type: string required: - cluster type: object nsRecords: description: NSRecords contains the list of nameserver records for the Designate pool items: description: DesignateNSRecord defines a DNS nameserver record properties: hostname: description: Hostname of the nameserver minLength: 1 type: string priority: description: Priority of the nameserver minimum: 1 type: integer required: - hostname - priority type: object type: array x-kubernetes-list-type: atomic passwordSelectors: default: service: DesignatePassword description: PasswordSelectors - Selectors to identify the DB and AdminUser password from the Secret properties: service: default: DesignatePassword description: Service - Selector to get the designate service password from the Secret type: string type: object preserveJobs: default: false description: PreserveJobs - do not delete jobs after they finished e.g. to check logs type: boolean rabbitMqClusterName: description: |- RabbitMQ instance name Needed to request a transportURL that is created and used in Designate Deprecated: Use MessagingBus.Cluster instead type: string redisServiceName: default: designate-redis description: RedisServiceName is the name of the Redis instance to be used (must be in the same namespace as designate) type: string resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object secret: description: Secret containing OpenStack password information for designate AdminPassword type: string serviceUser: default: designate description: ServiceUser - optional username used for this service to register in designate type: string topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object required: - databaseInstance - designateAPI - designateBackendbind9 - designateCentral - designateMdns - designateProducer - designateWorker - secret type: object status: description: DesignateStatus defines the observed state of Designate properties: apiEndpoint: additionalProperties: type: string description: API endpoint type: object conditions: description: Conditions items: description: Condition defines an observation of a API resource operational state. properties: lastTransitionTime: description: |- Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: A human readable message indicating details about the transition. type: string reason: description: The reason for the condition's last transition in CamelCase. type: string severity: description: |- Severity provides a classification of Reason code, so the current situation is immediately understandable and could act accordingly. It is meant for situations where Status=False and it should be indicated if it is just informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue and no actions to automatically resolve the issue can/should be done). For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: description: Type of condition in CamelCase. type: string required: - lastTransitionTime - status - type type: object type: array databaseHostname: description: DatabaseHostname - Designate Database Hostname type: string designateAPIReadyCount: description: ReadyCount of Designate API instance format: int32 type: integer designateBackendbind9ReadyCount: description: ReadyCount of Designate Backendbind9 instance format: int32 type: integer designateCentralReadyCount: description: ReadyCount of Designate Central instance format: int32 type: integer designateMdnsReadyCount: description: ReadyCount of Designate Mdns instance format: int32 type: integer designateProducerReadyCount: description: ReadyCount of Designate Producer instance format: int32 type: integer designateUnboundReadyCount: description: ReadyCount of Designate Unbound instance format: int32 type: integer designateWorkerReadyCount: description: ReadyCount of Designate Worker instance format: int32 type: integer hash: additionalProperties: type: string description: Map of hashes to track e.g. job status type: object notificationsTransportURLSecret: description: NotificationsTransportURLSecret - Secret containing RabbitMQ notifications transportURL type: string observedGeneration: description: |- ObservedGeneration - the most recent generation observed for this service. If the observed generation is less than the spec generation, then the controller has not processed the latest changes injected by the opentack-operator in the top-level CR (e.g. the ContainerImage) format: int64 type: integer redisHostIPs: description: List of Redis Host IP addresses items: type: string type: array transportURLSecret: description: TransportURLSecret - Secret containing RabbitMQ transportURL type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: Designate listKind: DesignateList plural: designates singular: designate conditions: - lastTransitionTime: "2026-04-02T13:56:57Z" message: no conflicts found reason: NoConflicts status: "True" type: NamesAccepted - lastTransitionTime: "2026-04-02T13:56:58Z" message: the initial names have been accepted reason: InitialNamesAccepted status: "True" type: Established storedVersions: - v1beta1