47 KiB
API Reference
Packages:
core.openfeature.dev/v1beta1
Resource Types:
FeatureFlag
FeatureFlag is the Schema for the featureflags API
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | core.openfeature.dev/v1beta1 | true |
| kind | string | FeatureFlag | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object |
FeatureFlagSpec defines the desired state of FeatureFlag |
false |
| status | object |
FeatureFlagStatus defines the observed state of FeatureFlag |
false |
FeatureFlag.spec
FeatureFlagSpec defines the desired state of FeatureFlag
| Name | Type | Description | Required |
|---|---|---|---|
| flagSpec | object |
FlagSpec is the structured representation of the feature flag specification |
false |
FeatureFlag.spec.flagSpec
FlagSpec is the structured representation of the feature flag specification
| Name | Type | Description | Required |
|---|---|---|---|
| flags | map[string]object |
|
true |
| $evaluators | object |
|
false |
FeatureFlag.spec.flagSpec.flags[key]
| Name | Type | Description | Required |
|---|---|---|---|
| defaultVariant | string |
|
true |
| state | enum |
Enum: ENABLED, DISABLED |
true |
| variants | object |
|
true |
| targeting | object |
Targeting is the json targeting rule |
false |
FeatureFlagSource
FeatureFlagSource is the Schema for the FeatureFlagSources API
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | core.openfeature.dev/v1beta1 | true |
| kind | string | FeatureFlagSource | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object |
FeatureFlagSourceSpec defines the desired state of FeatureFlagSource |
false |
| status | object |
FeatureFlagSourceStatus defines the observed state of FeatureFlagSource |
false |
FeatureFlagSource.spec
FeatureFlagSourceSpec defines the desired state of FeatureFlagSource
| Name | Type | Description | Required |
|---|---|---|---|
| sources | []object |
SyncProviders define the syncProviders and associated configuration to be applied to the sidecar |
true |
| debugLogging | boolean |
DebugLogging defines whether to enable --debug flag of flagd sidecar. Default false (disabled). |
false |
| defaultSyncProvider | string |
DefaultSyncProvider defines the default sync provider |
false |
| envVarPrefix | string |
EnvVarPrefix defines the prefix to be applied to all environment variables applied to the sidecar, default FLAGD Default: FLAGD |
false |
| envVars | []object |
EnvVars define the env vars to be applied to the sidecar, any env vars in FeatureFlag CRs
are added at the lowest index, all values will have the EnvVarPrefix applied, default FLAGD |
false |
| evaluator | string |
Evaluator sets an evaluator, defaults to 'json' Default: json |
false |
| logFormat | string |
LogFormat allows for the sidecar log format to be overridden, defaults to 'json' Default: json |
false |
| managementPort | integer |
ManagemetPort defines the port to serve management on, defaults to 8014 Format: int32 Default: 8014 |
false |
| otelCollectorUri | string |
OtelCollectorUri defines whether to enable --otel-collector-uri flag of flagd sidecar. Default false (disabled). |
false |
| port | integer |
Port defines the port to listen on, defaults to 8013 Format: int32 Default: 8013 |
false |
| probesEnabled | boolean |
ProbesEnabled defines whether to enable liveness and readiness probes of flagd sidecar. Default true (enabled). |
false |
| resources | object |
Resources defines flagd sidecar resources. Default to operator sidecar-cpu-* and sidecar-ram-* flags. |
false |
| rolloutOnChange | boolean |
RolloutOnChange dictates whether annotated deployments will be restarted when configuration changes are
detected in this CR, defaults to false |
false |
| socketPath | string |
SocketPath defines the unix socket path to listen on |
false |
| syncProviderArgs | []string |
SyncProviderArgs are string arguments passed to all sync providers, defined as key values separated by = |
false |
FeatureFlagSource.spec.sources[index]
| Name | Type | Description | Required |
|---|---|---|---|
| source | string |
Source is a URI of the flag sources |
true |
| certPath | string |
CertPath is a path of a certificate to be used by grpc TLS connection |
false |
| httpSyncBearerToken | string |
HttpSyncBearerToken is a bearer token. Used by http(s) sync provider only |
false |
| interval | integer |
Interval is a flag configuration interval in seconds used by http provider Format: int32 |
false |
| provider | string |
Provider type - kubernetes, http(s), grpc(s) or file |
false |
| providerID | string |
ProviderID is an identifier to be used in grpc provider |
false |
| selector | string |
Selector is a flag configuration selector used by grpc provider |
false |
| tls | boolean |
TLS - Enable/Disable secure TLS connectivity. Currently used only by GRPC sync |
false |
FeatureFlagSource.spec.envVars[index]
EnvVar represents an environment variable present in a Container.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable. Must be a C_IDENTIFIER. |
true |
| value | string |
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "". |
false |
| valueFrom | object |
Source for the environment variable's value. Cannot be used if value is not empty. |
false |
FeatureFlagSource.spec.envVars[index].valueFrom
Source for the environment variable's value. Cannot be used if value is not empty.
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object |
Selects a key of a ConfigMap. |
false |
| fieldRef | object |
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. |
false |
| resourceFieldRef | object |
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. |
false |
| secretKeyRef | object |
Selects a key of a secret in the pod's namespace |
false |
FeatureFlagSource.spec.envVars[index].valueFrom.configMapKeyRef
Selects a key of a ConfigMap.
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
The key to select. |
true |
| name | string |
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default: |
false |
| optional | boolean |
Specify whether the ConfigMap or its key must be defined |
false |
FeatureFlagSource.spec.envVars[index].valueFrom.fieldRef
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels['<KEY>'], metadata.annotations['<KEY>'],
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
| Name | Type | Description | Required |
|---|---|---|---|
| fieldPath | string |
Path of the field to select in the specified API version. |
true |
| apiVersion | string |
Version of the schema the FieldPath is written in terms of, defaults to "v1". |
false |
FeatureFlagSource.spec.envVars[index].valueFrom.resourceFieldRef
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| resource | string |
Required: resource to select |
true |
| containerName | string |
Container name: required for volumes, optional for env vars |
false |
| divisor | int or string |
Specifies the output format of the exposed resources, defaults to "1" |
false |
FeatureFlagSource.spec.envVars[index].valueFrom.secretKeyRef
Selects a key of a secret in the pod's namespace
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
The key of the secret to select from. Must be a valid secret key. |
true |
| name | string |
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default: |
false |
| optional | boolean |
Specify whether the Secret or its key must be defined |
false |
FeatureFlagSource.spec.resources
Resources defines flagd sidecar resources. Default to operator sidecar-cpu-* and sidecar-ram-* flags.
| Name | Type | Description | Required |
|---|---|---|---|
| claims | []object |
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. |
false |
| limits | map[string]int or string |
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
false |
| requests | map[string]int or string |
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
false |
FeatureFlagSource.spec.resources.claims[index]
ResourceClaim references one entry in PodSpec.ResourceClaims.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container. |
true |
| request | string |
Request is the name chosen for a request in the referenced claim.
If empty, everything from the claim is made available, otherwise
only the result of this request. |
false |
Flagd
Flagd is the Schema for the flagds API
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | core.openfeature.dev/v1beta1 | true |
| kind | string | Flagd | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object |
FlagdSpec defines the desired state of Flagd |
false |
| status | object |
FlagdStatus defines the observed state of Flagd |
false |
Flagd.spec
FlagdSpec defines the desired state of Flagd
| Name | Type | Description | Required |
|---|---|---|---|
| featureFlagSource | string |
FeatureFlagSource references to a FeatureFlagSource from which the created flagd instance retrieves
the feature flag configurations |
true |
| gatewayApiRoutes | object |
GatewayApiRoutes |
false |
| ingress | object |
Ingress |
false |
| replicas | integer |
Replicas defines the number of replicas to create for the service.
Default: 1 Format: int32 Default: 1 |
false |
| serviceAccountName | string |
ServiceAccountName the service account name for the flagd deployment |
false |
| serviceType | enum |
ServiceType represents the type of Service to create.
Must be one of: ClusterIP, NodePort, LoadBalancer, and ExternalName.
Default: ClusterIP Enum: ClusterIP, NodePort, LoadBalancer, ExternalName Default: ClusterIP |
false |
Flagd.spec.gatewayApiRoutes
GatewayApiRoutes
| Name | Type | Description | Required |
|---|---|---|---|
| parentRefs | []object |
ParentRefs references the resources (usually Gateways) that the Routes should
be attached to. |
true |
| annotations | map[string]string |
Annotations to be added to the Gateway API routes |
false |
| enabled | boolean |
Enabled enables/disables the Gateway API routes for flagd |
false |
| hosts | []string |
Hosts list of hosts to be added to the ingress.
Empty string corresponds to rule with no host. |
false |
Flagd.spec.gatewayApiRoutes.parentRefs[index]
ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with "Core" support:
- Gateway (Gateway conformance profile)
- Service (Mesh conformance profile, ClusterIP Services only)
This API may be extended in the future to support additional kinds of parent resources.
The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name is the name of the referent.
Support: Core |
true |
| group | string |
Group is the group of the referent.
When unspecified, "gateway.networking.k8s.io" is inferred.
To set the core API group (such as for a "Service" kind referent),
Group must be explicitly set to "" (empty string).
Support: Core |
false |
| kind | string |
Kind is kind of the referent.
There are two kinds of parent resources with "Core" support:
Support for other resources is Implementation-Specific. |
false |
| namespace | string |
Namespace is the namespace of the referent. When unspecified, this refers
to the local namespace of the Route.
Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. <gateway:experimental:description> ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. </gateway:experimental:description> Support: Core |
false |
| port | integer |
Port is the network port this Route targets. It can be interpreted
differently based on the type of parent resource.
When the parent resource is a Gateway, this targets all listeners
listening on the specified port that also support this kind of Route(and
select this Route). It's not recommended to set <gateway:experimental:description> When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. </gateway:experimental:description> Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Extended |
false |
| sectionName | string |
SectionName is the name of a section within the target resource. In the
following resources, SectionName is interpreted as the following:
Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Core |
false |
Flagd.spec.ingress
Ingress
| Name | Type | Description | Required |
|---|---|---|---|
| hosts | []string |
Hosts list of hosts to be added to the ingress.
Empty string corresponds to rule with no host. |
true |
| annotations | map[string]string |
Annotations the annotations to be added to the ingress |
false |
| enabled | boolean |
Enabled enables/disables the ingress for flagd |
false |
| flagdPath | string |
FlagdPath is the path to be used for accessing the flagd flag evaluation API
Default: /flagd.evaluation.v1.Service |
false |
| ingressClassName | string |
IngressClassName defines the name if the ingress class to be used for flagd |
false |
| ofrepPath | string |
OFREPPath is the path to be used for accessing the OFREP API
Default: /ofrep |
false |
| pathType | string |
PathType is the path type to be used for the ingress rules |
false |
| syncPath | string |
SyncPath is the path to be used for accessing the sync API
Default: /flagd.sync.v1.Service |
false |
| tls | []object |
TLS configuration for the ingress |
false |
Flagd.spec.ingress.tls[index]
IngressTLS describes the transport layer security associated with an ingress.
| Name | Type | Description | Required |
|---|---|---|---|
| hosts | []string |
hosts is a list of hosts included in the TLS certificate. The values in
this list must match the name/s used in the tlsSecret. Defaults to the
wildcard host setting for the loadbalancer controller fulfilling this
Ingress, if left unspecified. |
false |
| secretName | string |
secretName is the name of the secret used to terminate TLS traffic on
port 443. Field is left optional to allow TLS routing based on SNI
hostname alone. If the SNI host in a listener conflicts with the "Host"
header field used by an IngressRule, the SNI host is used for termination
and value of the "Host" header is used for routing. |
false |
InProcessConfiguration
InProcessConfiguration is the Schema for the inprocesconfigurations API
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | core.openfeature.dev/v1beta1 | true |
| kind | string | InProcessConfiguration | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object |
InProcessConfigurationSpec defines the desired state of InProcessConfiguration |
false |
| status | object |
InProcessConfigurationStatus defines the observed state of InProcessConfiguration |
false |
InProcessConfiguration.spec
InProcessConfigurationSpec defines the desired state of InProcessConfiguration
| Name | Type | Description | Required |
|---|---|---|---|
| cache | string |
Cache Default: lru |
false |
| cacheMaxSize | integer |
CacheMaxSize Default: 1000 |
false |
| envVarPrefix | string |
EnvVarPrefix defines the prefix to be applied to all environment variables applied to the sidecar, default FLAGD Default: FLAGD |
false |
| envVars | []object |
EnvVars |
false |
| host | string |
Host Default: localhost |
false |
| offlineFlagSourcePath | string |
OfflineFlagSourcePath |
false |
| port | integer |
Port defines the port to listen on, defaults to 8015 Format: int32 Default: 8015 |
false |
| selector | string |
Selector |
false |
| socketPath | string |
SocketPath defines the unix socket path to listen on |
false |
| tls | boolean |
TLS Default: false |
false |
InProcessConfiguration.spec.envVars[index]
EnvVar represents an environment variable present in a Container.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable. Must be a C_IDENTIFIER. |
true |
| value | string |
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "". |
false |
| valueFrom | object |
Source for the environment variable's value. Cannot be used if value is not empty. |
false |
InProcessConfiguration.spec.envVars[index].valueFrom
Source for the environment variable's value. Cannot be used if value is not empty.
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object |
Selects a key of a ConfigMap. |
false |
| fieldRef | object |
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. |
false |
| resourceFieldRef | object |
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. |
false |
| secretKeyRef | object |
Selects a key of a secret in the pod's namespace |
false |
InProcessConfiguration.spec.envVars[index].valueFrom.configMapKeyRef
Selects a key of a ConfigMap.
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
The key to select. |
true |
| name | string |
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default: |
false |
| optional | boolean |
Specify whether the ConfigMap or its key must be defined |
false |
InProcessConfiguration.spec.envVars[index].valueFrom.fieldRef
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels['<KEY>'], metadata.annotations['<KEY>'],
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
| Name | Type | Description | Required |
|---|---|---|---|
| fieldPath | string |
Path of the field to select in the specified API version. |
true |
| apiVersion | string |
Version of the schema the FieldPath is written in terms of, defaults to "v1". |
false |
InProcessConfiguration.spec.envVars[index].valueFrom.resourceFieldRef
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| resource | string |
Required: resource to select |
true |
| containerName | string |
Container name: required for volumes, optional for env vars |
false |
| divisor | int or string |
Specifies the output format of the exposed resources, defaults to "1" |
false |
InProcessConfiguration.spec.envVars[index].valueFrom.secretKeyRef
Selects a key of a secret in the pod's namespace
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
The key of the secret to select from. Must be a valid secret key. |
true |
| name | string |
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default: |
false |
| optional | boolean |
Specify whether the Secret or its key must be defined |
false |