--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.18.0 creationTimestamp: "2025-10-11T10:51:50Z" generation: 1 managedFields: - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:acceptedNames: f:kind: {} f:listKind: {} f:plural: {} f:singular: {} f:conditions: k:{"type":"Established"}: .: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} k:{"type":"NamesAccepted"}: .: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} manager: kube-apiserver operation: Update subresource: status time: "2025-10-11T10:51:50Z" - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:controller-gen.kubebuilder.io/version: {} f:spec: f:conversion: .: {} f:strategy: {} f:group: {} f:names: f:kind: {} f:listKind: {} f:plural: {} f:singular: {} f:scope: {} f:versions: {} manager: operator operation: Update time: "2025-10-11T10:51:50Z" name: octavias.octavia.openstack.org resourceVersion: "32100" uid: de64f843-599d-49ff-8c3e-6d5f293c7e37 spec: conversion: strategy: None group: octavia.openstack.org names: kind: Octavia listKind: OctaviaList plural: octavias singular: octavia scope: Namespaced versions: - additionalPrinterColumns: - description: Status jsonPath: .status.conditions[0].status name: Status type: string - description: Message jsonPath: .status.conditions[0].message name: Message type: string name: v1beta1 schema: openAPIV3Schema: description: Octavia is the Schema for the octavia API properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: OctaviaSpec defines the desired state of Octavia properties: amphoraCustomFlavors: default: [] description: AmphoraCustomFlavors - User-defined flavors for Octavia items: description: OctaviaAmphoraFlavor Settings for custom Amphora flavors properties: RAM: type: integer RxTxFactor: type: string VCPUs: type: integer description: type: string disk: type: integer name: type: string required: - RAM - VCPUs - disk - name type: object type: array amphoraImageContainerImage: description: Octavia Container Image URL type: string apacheContainerImage: description: Apache Container Image URL type: string apiTimeout: default: 120 description: Octavia API timeout type: integer customServiceConfig: default: '# add your customization here' description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as custom.conf file. type: string databaseAccount: default: octavia description: |- DatabaseAccount - name of MariaDBAccount which will be used to connect for the main octavia database type: string databaseInstance: description: |- MariaDB instance name Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object lbMgmtNetwork: default: createDefaultLbMgmtNetwork: true manageLbMgmtNetworks: true description: OctaviaLbMgmtNetworks Settings for Octavia management networks properties: availabilityZoneCIDRs: additionalProperties: type: string description: 'AvailabilityZoneCIDRs are the CIDRs of each management network associated with an Availability Zone (ex: {"az":"172.34.0.0/24", ...})' type: object availabilityZones: description: Availability zones for the octavia management network resources items: type: string type: array createDefaultLbMgmtNetwork: default: true description: |- CreateDefaultLbMgmtNetwork - when True, octavia-operator creates a Management Network for the default Availability Zone of the control plane. Can be set to false when deploying OpenStack in DCN mode. type: boolean lbMgmtRouterGateway: description: |- LbMgmtRouterGateway is the IP address of the Octavia router on the Provider network, it's optional and used only when the routing informations are not passed through the Network Attachment Definition type: string manageLbMgmtNetworks: default: true description: ManageLbMgmtNetworks - when True, octavia-operator creates the Neutron resources needed for its Management Network type: boolean type: object nodeSelector: additionalProperties: type: string description: NodeSelector to target subset of worker nodes running this service type: object octaviaAPI: description: OctaviaAPI - Spec definition for the API service of the Octavia deployment properties: apiTimeout: description: APITimeout for HAProxy and Apache defaults to OctaviaSpecCore APITimeout (seconds) type: integer containerImage: description: Octavia Container Image URL type: string customServiceConfig: default: '# add your customization here' description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as custom.conf file. type: string databaseAccount: default: octavia description: |- DatabaseAccount - name of MariaDBAccount which will be used to connect for the main octavia database type: string databaseHostname: description: DatabaseHostname - Octavia DB hostname type: string databaseInstance: description: |- MariaDB instance name Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object networkAttachments: description: NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network items: type: string type: array nodeSelector: additionalProperties: type: string description: NodeSelector to target subset of worker nodes running this service type: object override: description: Override, provides the ability to override the generated manifest of several child resources. properties: service: additionalProperties: description: |- RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. properties: endpointURL: type: string metadata: description: |- EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. Only labels and annotations are included. properties: annotations: additionalProperties: type: string description: |- Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ type: object labels: additionalProperties: type: string description: |- Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ type: object type: object spec: description: |- OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy properties: externalName: description: |- externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: description: |- externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string internalTrafficPolicy: description: |- InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilyPolicy: description: |- IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: description: |- loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerSourceRanges: description: |- If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array x-kubernetes-list-type: atomic sessionAffinity: description: |- Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations of session affinity. properties: clientIP: description: clientIP contains the configurations of Client IP based session affinity. properties: timeoutSeconds: description: |- timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: description: |- type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object description: |- Override configuration for the Service created to serve traffic to the cluster. The key must be the endpoint type (public, internal) type: object type: object passwordSelectors: default: service: OctaviaPassword description: PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret properties: database: default: OctaviaDatabasePassword description: Database - Selector to get the octavia Database user password from the Secret type: string service: default: OctaviaPassword description: Service - Selector to get the service user password from the Secret type: string type: object persistenceDatabaseAccount: default: octavia-persistence description: |- PersistenceDatabaseAccount - name of MariaDBAccount which will be used to connect for the persistence database type: string preserveJobs: default: false description: PreserveJobs - do not delete jobs after they finished e.g. to check logs type: boolean replicas: default: 1 description: Replicas of octavia API to run format: int32 maximum: 32 minimum: 0 type: integer resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object secret: description: Secret containing OpenStack password information for octavia OctaviaDatabasePassword, AdminPassword type: string serviceAccount: description: ServiceAccount - service account name used internally to provide Octavia services the default SA name type: string serviceUser: default: octavia description: ServiceUser - service user name type: string tenantDomainName: default: Default description: TenantDomainName - the name of the OpenStack domain associated with the tenant type: string tenantName: default: service description: TenantName - the name of the OpenStack tenant that controls the Octavia resources type: string tls: description: TLS - Parameters related to the TLS properties: api: description: API tls type which encapsulates for API services properties: internal: description: Internal GenericService - holds the secret for the internal endpoint properties: secretName: description: SecretName - holding the cert, key for the service type: string type: object public: description: Public GenericService - holds the secret for the public endpoint properties: secretName: description: SecretName - holding the cert, key for the service type: string type: object type: object caBundleSecretName: description: CaBundleSecretName - holding the CA certs in a pre-created bundle file type: string ovn: description: Ovn GenericService - holds the secret for the OvnDb client cert properties: secretName: description: SecretName - holding the cert, key for the service type: string type: object type: object topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object transportURLSecret: description: TransportURLSecret - Secret containing RabbitMQ transportURL type: string required: - containerImage - databaseInstance - secret - serviceAccount type: object octaviaHealthManager: description: OctaviaHousekeeping - Spec definition for the Octavia Housekeeping agent for the Octavia deployment properties: amphoraCustomFlavors: default: [] description: AmphoraCustomFlavors - User-defined flavors for Octavia items: description: OctaviaAmphoraFlavor Settings for custom Amphora flavors properties: RAM: type: integer RxTxFactor: type: string VCPUs: type: integer description: type: string disk: type: integer name: type: string required: - RAM - VCPUs - disk - name type: object type: array amphoraImageOwnerID: default: "" type: string containerImage: description: ContainerImage - Amphora Controller Container Image URL type: string customServiceConfig: default: '# add your customization here' description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as custom.conf file. type: string databaseAccount: default: octavia description: |- DatabaseAccount - name of MariaDBAccount which will be used to connect for the main octavia database type: string databaseHostname: description: DatabaseHostname - Octavia DB hostname type: string databaseInstance: description: |- MariaDB instance name Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object lbMgmtNetworkID: default: "" type: string lbSecurityGroupID: default: "" type: string networkAttachments: description: NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network items: type: string type: array nodeSelector: additionalProperties: type: string description: NodeSelector to target subset of worker nodes running this service type: object octaviaProviderSubnetCIDR: description: OctaviaProviderSubnetCIDR - type: string octaviaProviderSubnetExtraCIDRs: description: OctaviaProviderSubnetExtraCIDRs - items: type: string type: array octaviaProviderSubnetGateway: description: OctaviaProviderSubnetGateway - type: string passwordSelectors: default: service: OctaviaPassword description: PasswordSelectors - Selectors to identify the AdminUser password from the Secret properties: database: default: OctaviaDatabasePassword description: Database - Selector to get the octavia Database user password from the Secret type: string service: default: OctaviaPassword description: Service - Selector to get the service user password from the Secret type: string type: object persistenceDatabaseAccount: default: octavia-persistence description: |- PersistenceDatabaseAccount - name of MariaDBAccount which will be used to connect for the persistence database type: string redisHosts: default: [] description: List of Redis Hosts items: type: string type: array x-kubernetes-list-type: atomic resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object role: description: Role - the role for the controller (one of worker, housekeeping, healthmanager) type: string secret: description: Secret containing OpenStack password information for octavia OctaviaDatabasePassword, AdminPassword type: string serviceAccount: description: ServiceAccount - service account name used internally to provide Octavia services the default SA name type: string serviceUser: default: octavia description: 'ServiceUser - service user name (TODO: beagles, do we need this at all)' type: string tenantDomainName: default: Default description: TenantDomainName - the name of the OpenStack domain associated with the tenant type: string tenantName: default: service description: TenantName - the name of the OpenStack tenant that controls the Octavia resources type: string tls: description: TLS - Parameters related to the TLS properties: caBundleSecretName: description: CaBundleSecretName - holding the CA certs in a pre-created bundle file type: string type: object topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object transportURLSecret: description: TransportURLSecret - Secret containing RabbitMQ transportURL type: string required: - databaseInstance - role - secret - serviceAccount type: object octaviaHousekeeping: description: OctaviaHousekeeping - Spec definition for the Octavia Housekeeping agent for the Octavia deployment properties: amphoraCustomFlavors: default: [] description: AmphoraCustomFlavors - User-defined flavors for Octavia items: description: OctaviaAmphoraFlavor Settings for custom Amphora flavors properties: RAM: type: integer RxTxFactor: type: string VCPUs: type: integer description: type: string disk: type: integer name: type: string required: - RAM - VCPUs - disk - name type: object type: array amphoraImageOwnerID: default: "" type: string containerImage: description: ContainerImage - Amphora Controller Container Image URL type: string customServiceConfig: default: '# add your customization here' description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as custom.conf file. type: string databaseAccount: default: octavia description: |- DatabaseAccount - name of MariaDBAccount which will be used to connect for the main octavia database type: string databaseHostname: description: DatabaseHostname - Octavia DB hostname type: string databaseInstance: description: |- MariaDB instance name Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object lbMgmtNetworkID: default: "" type: string lbSecurityGroupID: default: "" type: string networkAttachments: description: NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network items: type: string type: array nodeSelector: additionalProperties: type: string description: NodeSelector to target subset of worker nodes running this service type: object octaviaProviderSubnetCIDR: description: OctaviaProviderSubnetCIDR - type: string octaviaProviderSubnetExtraCIDRs: description: OctaviaProviderSubnetExtraCIDRs - items: type: string type: array octaviaProviderSubnetGateway: description: OctaviaProviderSubnetGateway - type: string passwordSelectors: default: service: OctaviaPassword description: PasswordSelectors - Selectors to identify the AdminUser password from the Secret properties: database: default: OctaviaDatabasePassword description: Database - Selector to get the octavia Database user password from the Secret type: string service: default: OctaviaPassword description: Service - Selector to get the service user password from the Secret type: string type: object persistenceDatabaseAccount: default: octavia-persistence description: |- PersistenceDatabaseAccount - name of MariaDBAccount which will be used to connect for the persistence database type: string redisHosts: default: [] description: List of Redis Hosts items: type: string type: array x-kubernetes-list-type: atomic resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object role: description: Role - the role for the controller (one of worker, housekeeping, healthmanager) type: string secret: description: Secret containing OpenStack password information for octavia OctaviaDatabasePassword, AdminPassword type: string serviceAccount: description: ServiceAccount - service account name used internally to provide Octavia services the default SA name type: string serviceUser: default: octavia description: 'ServiceUser - service user name (TODO: beagles, do we need this at all)' type: string tenantDomainName: default: Default description: TenantDomainName - the name of the OpenStack domain associated with the tenant type: string tenantName: default: service description: TenantName - the name of the OpenStack tenant that controls the Octavia resources type: string tls: description: TLS - Parameters related to the TLS properties: caBundleSecretName: description: CaBundleSecretName - holding the CA certs in a pre-created bundle file type: string type: object topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object transportURLSecret: description: TransportURLSecret - Secret containing RabbitMQ transportURL type: string required: - databaseInstance - role - secret - serviceAccount type: object octaviaNetworkAttachment: default: octavia description: OctaviaNetworkAttachment is a NetworkAttachment resource name for the Octavia Management Network type: string octaviaRsyslog: description: OctaviaRsyslog - Spec definition for the Octavia Rsyslog agent for the Octavia deployment properties: adminLogTargets: description: |- AdminLogTargets is a list of OctaviaRsyslogTarget, the admin logs are forwarded to those targets. Use only when forwarding to an external Rsyslog server. items: properties: host: type: string port: type: integer protocol: type: string required: - host - port - protocol type: object type: array containerImage: description: ContainerImage - Rsyslog Container Image URL type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object initContainerImage: description: InitContainerImage - Rsyslog init Container Image URL for type: string networkAttachments: default: - octavia description: NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network items: type: string type: array nodeSelector: additionalProperties: type: string description: NodeSelector to target subset of worker nodes running this service type: object octaviaProviderSubnetCIDR: description: OctaviaProviderSubnetCIDR - type: string octaviaProviderSubnetExtraCIDRs: description: OctaviaProviderSubnetExtraCIDRs - items: type: string type: array x-kubernetes-list-type: atomic octaviaProviderSubnetGateway: description: OctaviaProviderSubnetGateway - type: string resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object serviceAccount: description: ServiceAccount - service account name used internally to provide Octavia services the default SA name type: string serviceUser: default: octavia description: 'ServiceUser - service user name (TODO: beagles, do we need this at all)' type: string tenantLogTargets: description: |- TenantLogTargets is a list of OctaviaRsyslogTarget, the tenant logs are forwarded to those targets. Use only when forwarding to an external Rsyslog server. items: properties: host: type: string port: type: integer protocol: type: string required: - host - port - protocol type: object type: array topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object required: - serviceAccount type: object octaviaWorker: description: OctaviaHousekeeping - Spec definition for the Octavia Housekeeping agent for the Octavia deployment properties: amphoraCustomFlavors: default: [] description: AmphoraCustomFlavors - User-defined flavors for Octavia items: description: OctaviaAmphoraFlavor Settings for custom Amphora flavors properties: RAM: type: integer RxTxFactor: type: string VCPUs: type: integer description: type: string disk: type: integer name: type: string required: - RAM - VCPUs - disk - name type: object type: array amphoraImageOwnerID: default: "" type: string containerImage: description: ContainerImage - Amphora Controller Container Image URL type: string customServiceConfig: default: '# add your customization here' description: |- CustomServiceConfig - customize the service config using this parameter to change service defaults, or overwrite rendered information using raw OpenStack config format. The content gets added to to /etc//.conf.d directory as custom.conf file. type: string databaseAccount: default: octavia description: |- DatabaseAccount - name of MariaDBAccount which will be used to connect for the main octavia database type: string databaseHostname: description: DatabaseHostname - Octavia DB hostname type: string databaseInstance: description: |- MariaDB instance name Right now required by the maridb-operator to get the credentials from the instance to create the DB Might not be required in future type: string defaultConfigOverwrite: additionalProperties: type: string description: |- ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/ . type: object lbMgmtNetworkID: default: "" type: string lbSecurityGroupID: default: "" type: string networkAttachments: description: NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network items: type: string type: array nodeSelector: additionalProperties: type: string description: NodeSelector to target subset of worker nodes running this service type: object octaviaProviderSubnetCIDR: description: OctaviaProviderSubnetCIDR - type: string octaviaProviderSubnetExtraCIDRs: description: OctaviaProviderSubnetExtraCIDRs - items: type: string type: array octaviaProviderSubnetGateway: description: OctaviaProviderSubnetGateway - type: string passwordSelectors: default: service: OctaviaPassword description: PasswordSelectors - Selectors to identify the AdminUser password from the Secret properties: database: default: OctaviaDatabasePassword description: Database - Selector to get the octavia Database user password from the Secret type: string service: default: OctaviaPassword description: Service - Selector to get the service user password from the Secret type: string type: object persistenceDatabaseAccount: default: octavia-persistence description: |- PersistenceDatabaseAccount - name of MariaDBAccount which will be used to connect for the persistence database type: string redisHosts: default: [] description: List of Redis Hosts items: type: string type: array x-kubernetes-list-type: atomic resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object role: description: Role - the role for the controller (one of worker, housekeeping, healthmanager) type: string secret: description: Secret containing OpenStack password information for octavia OctaviaDatabasePassword, AdminPassword type: string serviceAccount: description: ServiceAccount - service account name used internally to provide Octavia services the default SA name type: string serviceUser: default: octavia description: 'ServiceUser - service user name (TODO: beagles, do we need this at all)' type: string tenantDomainName: default: Default description: TenantDomainName - the name of the OpenStack domain associated with the tenant type: string tenantName: default: service description: TenantName - the name of the OpenStack tenant that controls the Octavia resources type: string tls: description: TLS - Parameters related to the TLS properties: caBundleSecretName: description: CaBundleSecretName - holding the CA certs in a pre-created bundle file type: string type: object topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object transportURLSecret: description: TransportURLSecret - Secret containing RabbitMQ transportURL type: string required: - databaseInstance - role - secret - serviceAccount type: object passwordSelectors: default: service: OctaviaPassword description: PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret properties: database: default: OctaviaDatabasePassword description: Database - Selector to get the octavia Database user password from the Secret type: string service: default: OctaviaPassword description: Service - Selector to get the service user password from the Secret type: string type: object persistenceDatabaseAccount: default: octavia-persistence description: |- PersistenceDatabaseAccount - name of MariaDBAccount which will be used to connect for the persistence database type: string preserveJobs: default: false description: PreserveJobs - do not delete jobs after they finished e.g. to check logs type: boolean rabbitMqClusterName: default: rabbitmq description: |- RabbitMQ instance name Needed to request a transportURL that is created and used in Octavia type: string redisServiceName: default: octavia-redis description: Name of the Redis database for Jobboard type: string resources: description: |- Resources - Compute Resources required by this service (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object secret: description: |- Secret containing OpenStack password information for octavia's keystone password; no longer used for database password type: string serviceUser: default: octavia description: ServiceUser - service user name type: string sshPrivkeySecret: default: octavia-ssh-privkey-secret description: |- LoadBalancerSSHPrivKey - The name of the secret that will be used to store the private key for connecting to amphorae via SSH type: string sshPubkey: default: octavia-ssh-pubkey description: |- LoadBalancerSSHPubKey - The name of the ConfigMap containing the pubilc key for connecting to the amphorae via SSH type: string tenantDomainName: default: Default description: TenantDomainName - the name of the OpenStack domain associated with the tenant type: string tenantName: default: service description: TenantName - the name of the OpenStack tenant that controls the Octavia resources type: string topologyRef: description: |- TopologyRef to apply the Topology defined by the associated CR referenced by name properties: name: description: Name - The Topology CR name that the Service references type: string namespace: description: |- Namespace - The Namespace to fetch the Topology CR referenced NOTE: Namespace currently points by default to the same namespace where the Service is deployed. Customizing the namespace is not supported and webhooks prevent editing this field to a value different from the current project type: string type: object required: - apacheContainerImage - databaseInstance - octaviaAPI - octaviaNetworkAttachment - rabbitMqClusterName - secret type: object status: description: OctaviaStatus defines the observed state of Octavia properties: apireadyCount: description: ReadyCount of octavia API instances format: int32 type: integer conditions: description: Conditions items: description: Condition defines an observation of a API resource operational state. properties: lastTransitionTime: description: |- Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: A human readable message indicating details about the transition. type: string reason: description: The reason for the condition's last transition in CamelCase. type: string severity: description: |- Severity provides a classification of Reason code, so the current situation is immediately understandable and could act accordingly. It is meant for situations where Status=False and it should be indicated if it is just informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue and no actions to automatically resolve the issue can/should be done). For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: description: Type of condition in CamelCase. type: string required: - lastTransitionTime - status - type type: object type: array databaseHostname: description: Octavia Database Hostname type: string hash: additionalProperties: type: string description: Map of hashes to track e.g. job status type: object healthmanagerreadyCount: description: ReadyCount of octavia HealthManager instances format: int32 type: integer housekeepingreadyCount: description: ReadyCount of octavia Housekeeping instances format: int32 type: integer observedGeneration: description: |- ObservedGeneration - the most recent generation observed for this service. If the observed generation is less than the spec generation, then the controller has not processed the latest changes injected by the opentack-operator in the top-level CR (e.g. the ContainerImage) format: int64 type: integer redisHosts: description: List of Redis Hosts items: type: string type: array x-kubernetes-list-type: atomic rsyslogreadyCount: description: ReadyCount of octavia Rsyslog instances format: int32 type: integer transportURLSecret: description: TransportURLSecret - Secret containing RabbitMQ transportURL type: string workerreadyCount: description: ReadyCount of octavia Worker instances format: int32 type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: Octavia listKind: OctaviaList plural: octavias singular: octavia conditions: - lastTransitionTime: "2025-10-11T10:51:50Z" message: no conflicts found reason: NoConflicts status: "True" type: NamesAccepted - lastTransitionTime: "2025-10-11T10:51:50Z" message: the initial names have been accepted reason: InitialNamesAccepted status: "True" type: Established storedVersions: - v1beta1