apiVersion: appplatform.wcp.vmware.com/v1alpha2 kind: SupervisorServiceDefinition metadata: name: placeholder spec: crdYaml: content: "apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\n\ metadata:\n annotations:\n controller-gen.kubebuilder.io/version: v0.2.9\n\ \ creationTimestamp: null\n name: veleroservices.veleroappoperator.vmware.com\n\ spec:\n group: veleroappoperator.vmware.com\n names:\n kind: VeleroService\n\ \ listKind: VeleroServiceList\n plural: veleroservices\n singular:\ \ veleroservice\n scope: Namespaced\n subresources:\n status: {}\n validation:\n\ \ openAPIV3Schema:\n description: VeleroService is the Schema for the\ \ VeleroService API\n properties:\n apiVersion:\n description:\ \ 'APIVersion defines the versioned schema of this representation\n \ \ of an object. Servers should convert recognized schemas to the latest\n\ \ internal value, and may reject unrecognized values. More info:\ \ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n\ \ type: string\n kind:\n description: 'Kind is a string\ \ value representing the REST resource this\n object represents.\ \ Servers may infer this from the endpoint the client\n submits requests\ \ to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n\ \ type: string\n metadata:\n type: object\n \ \ spec:\n description: VeleroServiceSpec defines the desired state\ \ of VeleroService\n properties:\n backuplocationconfig:\n\ \ description: BackupLocationConfig is for provider-specific configuration\n\ \ fields\n type: string\n bucket:\n \ \ description: Bucket in object store\n type: string\n\ \ guestcbtenabled:\n description: ChangeBlockTracking\ \ is requested to be enabled in guest\n clusters if set; Otherwise,\ \ it is requested to be disabled.\n type: boolean\n \ \ image:\n description: Image of Velero\n type: string\n\ \ namespace:\n description: Namespace of Velero service\n\ \ type: string\n nodefaultbackuplocation:\n \ \ description: NoDefaultBackupLocation indicates whether a default backup\n\ \ location should be created\n type: boolean\n \ \ nosecret:\n description: NoSecret indicates whehter\ \ a secret should be created\n type: boolean\n objectstoreprovider:\n\ \ description: Provider for object store\n type: string\n\ \ plugins:\n description: Velero plugins, including\n\ \ items:\n type: string\n type: array\n\ \ snapshotlocationconfig:\n description: SnapshotLocationConfig\ \ is for provider-specific configuration\n fields\n \ \ type: string\n upgradeoption:\n description: Upgrade\ \ option\n enum:\n - Manual\n - Auto\n\ \ type: string\n useprivateregistry:\n \ \ description: UsePrivateRegistry indicates whether to pull velero image\n \ \ from a private registry\n type: boolean\n \ \ usevolumesnapshots:\n description: UseVolumeSnapshots indicates\ \ whether a default snapshot\n location should be created\n \ \ type: boolean\n version:\n description:\ \ Version of Velero\n type: string\n required:\n \ \ - plugins\n type: object\n status:\n description:\ \ VeleroServiceStatus defines the observed state of VeleroService\n \ \ properties:\n enabled:\n description: Whether the\ \ service is enabled or not\n type: boolean\n guestcbtenabled:\n\ \ description: Whether the ChangeBlockTracking is enabled or not\ \ in guest\n clusters\n type: boolean\n \ \ installmessage:\n description: Message is a message about\ \ the VeleroService install.\n type: string\n installphase:\n\ \ description: Phase is the current state of VeleroService install\n\ \ enum:\n - Failed\n - Completed\n \ \ type: string\n version:\n description:\ \ Version is the version of the installed Velero\n type: string\n\ \ type: object\n type: object\n version: v1alpha1\n versions:\n\ \ - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n\ \ kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n" format: plain description: Velero vSphere Operator helps users install Velero and its vSphere plugin on a vSphere with Kubernetes Supervisor cluster eula: "Velero\n\nApache License\nVersion 2.0, January 2004\nhttp://www.apache.org/licenses/\n\ \nTERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n1. Definitions.\n\ \n\"License\" shall mean the terms and conditions for use, reproduction,\nand\ \ distribution as defined by Sections 1 through 9 of this document.\n\n\"Licensor\"\ \ shall mean the copyright owner or entity authorized by\nthe copyright owner\ \ that is granting the License.\n\n\"Legal Entity\" shall mean the union of the\ \ acting entity and all\nother entities that control, are controlled by, or are\ \ under common\ncontrol with that entity. For the purposes of this definition,\n\ \"control\" means (i) the power, direct or indirect, to cause the\ndirection or\ \ management of such entity, whether by contract or\notherwise, or (ii) ownership\ \ of fifty percent (50%) or more of the\noutstanding shares, or (iii) beneficial\ \ ownership of such entity.\n\n\"You\" (or \"Your\") shall mean an individual\ \ or Legal Entity\nexercising permissions granted by this License.\n\n\"Source\"\ \ form shall mean the preferred form for making modifications,\nincluding but\ \ not limited to software source code, documentation\nsource, and configuration\ \ files.\n\n\"Object\" form shall mean any form resulting from mechanical\ntransformation\ \ or translation of a Source form, including but\nnot limited to compiled object\ \ code, generated documentation,\nand conversions to other media types.\n\n\"\ Work\" shall mean the work of authorship, whether in Source or\nObject form, made\ \ available under the License, as indicated by a\ncopyright notice that is included\ \ in or attached to the work\n(an example is provided in the Appendix below).\n\ \n\"Derivative Works\" shall mean any work, whether in Source or Object\nform,\ \ that is based on (or derived from) the Work and for which the\neditorial revisions,\ \ annotations, elaborations, or other modifications\nrepresent, as a whole, an\ \ original work of authorship. For the purposes\nof this License, Derivative Works\ \ shall not include works that remain\nseparable from, or merely link (or bind\ \ by name) to the interfaces of,\nthe Work and Derivative Works thereof.\n\n\"\ Contribution\" shall mean any work of authorship, including\nthe original version\ \ of the Work and any modifications or additions\nto that Work or Derivative Works\ \ thereof, that is intentionally\nsubmitted to Licensor for inclusion in the Work\ \ by the copyright owner\nor by an individual or Legal Entity authorized to submit\ \ on behalf of\nthe copyright owner. For the purposes of this definition, \"submitted\"\ \nmeans any form of electronic, verbal, or written communication sent\nto the\ \ Licensor or its representatives, including but not limited to\ncommunication\ \ on electronic mailing lists, source code control systems,\nand issue tracking\ \ systems that are managed by, or on behalf of, the\nLicensor for the purpose\ \ of discussing and improving the Work, but\nexcluding communication that is conspicuously\ \ marked or otherwise\ndesignated in writing by the copyright owner as \"Not a\ \ Contribution.\"\n\n\"Contributor\" shall mean Licensor and any individual or\ \ Legal Entity\non behalf of whom a Contribution has been received by Licensor\ \ and\nsubsequently incorporated within the Work.\n\n2. Grant of Copyright License.\ \ Subject to the terms and conditions of\nthis License, each Contributor hereby\ \ grants to You a perpetual,\nworldwide, non-exclusive, no-charge, royalty-free,\ \ irrevocable\ncopyright license to reproduce, prepare Derivative Works of,\n\ publicly display, publicly perform, sublicense, and distribute the\nWork and such\ \ Derivative Works in Source or Object form.\n\n3. Grant of Patent License. Subject\ \ to the terms and conditions of\nthis License, each Contributor hereby grants\ \ to You a perpetual,\nworldwide, non-exclusive, no-charge, royalty-free, irrevocable\n\ (except as stated in this section) patent license to make, have made,\nuse, offer\ \ to sell, sell, import, and otherwise transfer the Work,\nwhere such license\ \ applies only to those patent claims licensable\nby such Contributor that are\ \ necessarily infringed by their\nContribution(s) alone or by combination of their\ \ Contribution(s)\nwith the Work to which such Contribution(s) was submitted.\ \ If You\ninstitute patent litigation against any entity (including a\ncross-claim\ \ or counterclaim in a lawsuit) alleging that the Work\nor a Contribution incorporated\ \ within the Work constitutes direct\nor contributory patent infringement, then\ \ any patent licenses\ngranted to You under this License for that Work shall terminate\n\ as of the date such litigation is filed.\n\n4. Redistribution. You may reproduce\ \ and distribute copies of the\nWork or Derivative Works thereof in any medium,\ \ with or without\nmodifications, and in Source or Object form, provided that\ \ You\nmeet the following conditions:\n\n(a) You must give any other recipients\ \ of the Work or\nDerivative Works a copy of this License; and\n\n(b) You must\ \ cause any modified files to carry prominent notices\nstating that You changed\ \ the files; and\n\n(c) You must retain, in the Source form of any Derivative\ \ Works\nthat You distribute, all copyright, patent, trademark, and\nattribution\ \ notices from the Source form of the Work,\nexcluding those notices that do not\ \ pertain to any part of\nthe Derivative Works; and\n\n(d) If the Work includes\ \ a \"NOTICE\" text file as part of its\ndistribution, then any Derivative Works\ \ that You distribute must\ninclude a readable copy of the attribution notices\ \ contained\nwithin such NOTICE file, excluding those notices that do not\npertain\ \ to any part of the Derivative Works, in at least one\nof the following places:\ \ within a NOTICE text file distributed\nas part of the Derivative Works; within\ \ the Source form or\ndocumentation, if provided along with the Derivative Works;\ \ or,\nwithin a display generated by the Derivative Works, if and\nwherever such\ \ third-party notices normally appear. The contents\nof the NOTICE file are for\ \ informational purposes only and\ndo not modify the License. You may add Your\ \ own attribution\nnotices within Derivative Works that You distribute, alongside\n\ or as an addendum to the NOTICE text from the Work, provided\nthat such additional\ \ attribution notices cannot be construed\nas modifying the License.\n\nYou may\ \ add Your own copyright statement to Your modifications and\nmay provide additional\ \ or different license terms and conditions\nfor use, reproduction, or distribution\ \ of Your modifications, or\nfor any such Derivative Works as a whole, provided\ \ Your use,\nreproduction, and distribution of the Work otherwise complies with\n\ the conditions stated in this License.\n\n5. Submission of Contributions. Unless\ \ You explicitly state otherwise,\nany Contribution intentionally submitted for\ \ inclusion in the Work\nby You to the Licensor shall be under the terms and conditions\ \ of\nthis License, without any additional terms or conditions.\nNotwithstanding\ \ the above, nothing herein shall supersede or modify\nthe terms of any separate\ \ license agreement you may have executed\nwith Licensor regarding such Contributions.\n\ \n6. Trademarks. This License does not grant permission to use the trade\nnames,\ \ trademarks, service marks, or product names of the Licensor,\nexcept as required\ \ for reasonable and customary use in describing the\norigin of the Work and reproducing\ \ the content of the NOTICE file.\n\n7. Disclaimer of Warranty. Unless required\ \ by applicable law or\nagreed to in writing, Licensor provides the Work (and\ \ each\nContributor provides its Contributions) on an \"AS IS\" BASIS,\nWITHOUT\ \ WARRANTIES OR CONDITIONS OF ANY KIND, either express or\nimplied, including,\ \ without limitation, any warranties or conditions\nof TITLE, NON-INFRINGEMENT,\ \ MERCHANTABILITY, or FITNESS FOR A\nPARTICULAR PURPOSE. You are solely responsible\ \ for determining the\nappropriateness of using or redistributing the Work and\ \ assume any\nrisks associated with Your exercise of permissions under this License.\n\ \n8. Limitation of Liability. In no event and under no legal theory,\nwhether\ \ in tort (including negligence), contract, or otherwise,\nunless required by\ \ applicable law (such as deliberate and grossly\nnegligent acts) or agreed to\ \ in writing, shall any Contributor be\nliable to You for damages, including any\ \ direct, indirect, special,\nincidental, or consequential damages of any character\ \ arising as a\nresult of this License or out of the use or inability to use the\n\ Work (including but not limited to damages for loss of goodwill,\nwork stoppage,\ \ computer failure or malfunction, or any and all\nother commercial damages or\ \ losses), even if such Contributor\nhas been advised of the possibility of such\ \ damages.\n\n9. Accepting Warranty or Additional Liability. While redistributing\n\ the Work or Derivative Works thereof, You may choose to offer,\nand charge a fee\ \ for, acceptance of support, warranty, indemnity,\nor other liability obligations\ \ and/or rights consistent with this\nLicense. However, in accepting such obligations,\ \ You may act only\non Your own behalf and on Your sole responsibility, not on\ \ behalf\nof any other Contributor, and only if You agree to indemnify,\ndefend,\ \ and hold each Contributor harmless for any liability\nincurred by, or claims\ \ asserted against, such Contributor by reason\nof your accepting any such warranty\ \ or additional liability.\n\nEND OF TERMS AND CONDITIONS\n\nAPPENDIX: How to\ \ apply the Apache License to your work.\n\nTo apply the Apache License to your\ \ work, attach the following\nboilerplate notice, with the fields enclosed by\ \ brackets \"{}\"\nreplaced with your own identifying information. (Don't include\n\ the brackets!) The text should be enclosed in the appropriate\ncomment syntax\ \ for the file format. We also recommend that a\nfile or class name and description\ \ of purpose be included on the\nsame \"printed page\" as the copyright notice\ \ for easier\nidentification within third-party archives.\n\nCopyright {yyyy}\ \ {name of copyright owner}\n\nLicensed under the Apache License, Version 2.0\ \ (the \"License\");\nyou may not use this file except in compliance with the\ \ License.\nYou may obtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\ \nUnless required by applicable law or agreed to in writing, software\ndistributed\ \ under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES\ \ OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the\ \ specific language governing permissions and\nlimitations under the License.\n\ \n\nvSphere Plugin for Velero\n\nCopyright (c) 2019 VMware, Inc. All rights reserved.\n\ \nThe Apache 2.0 license (the \"License\") set forth below applies to all parts\ \ of the vSphere Plugin for Velero project. You may not use this file except\ \ in compliance with the License.\n\nApache License\n\nVersion 2.0, January 2004\n\ http://www.apache.org/licenses/\n\nTERMS AND CONDITIONS FOR USE, REPRODUCTION,\ \ AND DISTRIBUTION\n\n1. Definitions.\n\n\"License\" shall mean the terms and\ \ conditions for use, reproduction,\nand distribution as defined by Sections 1\ \ through 9 of this document.\n\n\"Licensor\" shall mean the copyright owner or\ \ entity authorized by the\ncopyright owner that is granting the License.\n\n\"\ Legal Entity\" shall mean the union of the acting entity and all other\nentities\ \ that control, are controlled by, or are under common control\nwith that entity.\ \ For the purposes of this definition, \"control\" means\n(i) the power, direct\ \ or indirect, to cause the direction or management\nof such entity, whether by\ \ contract or otherwise, or (ii) ownership\nof fifty percent (50%) or more of\ \ the outstanding shares, or (iii)\nbeneficial ownership of such entity.\n\n\"\ You\" (or \"Your\") shall mean an individual or Legal Entity exercising\npermissions\ \ granted by this License.\n\n\"Source\" form shall mean the preferred form for\ \ making modifications,\nincluding but not limited to software source code, documentation\ \ source,\nand configuration files.\n\n\"Object\" form shall mean any form resulting\ \ from mechanical transformation\nor translation of a Source form, including but\ \ not limited to compiled\nobject code, generated documentation, and conversions\ \ to other media\ntypes.\n\n\"Work\" shall mean the work of authorship, whether\ \ in Source or\nObject form, made available under the License, as indicated by\ \ a copyright\nnotice that is included in or attached to the work (an example\ \ is provided\nin the Appendix below).\n\n\"Derivative Works\" shall mean any\ \ work, whether in Source or Object form,\nthat is based on (or derived from)\ \ the Work and for which the editorial\nrevisions, annotations, elaborations,\ \ or other modifications represent,\nas a whole, an original work of authorship.\ \ For the purposes of this\nLicense, Derivative Works shall not include works\ \ that remain separable\nfrom, or merely link (or bind by name) to the interfaces\ \ of, the Work\nand Derivative Works thereof.\n\n\"Contribution\" shall mean any\ \ work of authorship, including the\noriginal version of the Work and any modifications\ \ or additions to\nthat Work or Derivative Works thereof, that is intentionally\ \ submitted\nto Licensor for inclusion in the Work by the copyright owner or by\ \ an\nindividual or Legal Entity authorized to submit on behalf of the copyright\n\ owner. For the purposes of this definition, \"submitted\" means any form of\n\ electronic, verbal, or written communication sent to the Licensor or its\nrepresentatives,\ \ including but not limited to communication on electronic\nmailing lists, source\ \ code control systems, and issue tracking systems\nthat are managed by, or on\ \ behalf of, the Licensor for the purpose of\ndiscussing and improving the Work,\ \ but excluding communication that is\nconspicuously marked or otherwise designated\ \ in writing by the copyright\nowner as \"Not a Contribution.\"\n\n\"Contributor\"\ \ shall mean Licensor and any individual or Legal Entity\non behalf of whom a\ \ Contribution has been received by Licensor and\nsubsequently incorporated within\ \ the Work.\n\n2. Grant of Copyright License.\nSubject to the terms and conditions\ \ of this License, each Contributor\nhereby grants to You a perpetual, worldwide,\ \ non-exclusive, no-charge,\nroyalty-free, irrevocable copyright license to reproduce,\ \ prepare\nDerivative Works of, publicly display, publicly perform, sublicense,\ \ and\ndistribute the Work and such Derivative Works in Source or Object form.\n\ \n3. Grant of Patent License.\nSubject to the terms and conditions of this License,\ \ each Contributor\nhereby grants to You a perpetual, worldwide, non-exclusive,\ \ no-charge,\nroyalty- free, irrevocable (except as stated in this section) patent\n\ license to make, have made, use, offer to sell, sell, import, and\notherwise transfer\ \ the Work, where such license applies only to those\npatent claims licensable\ \ by such Contributor that are necessarily\ninfringed by their Contribution(s)\ \ alone or by combination of\ntheir Contribution(s) with the Work to which such\ \ Contribution(s)\nwas submitted. If You institute patent litigation against any\ \ entity\n(including a cross-claim or counterclaim in a lawsuit) alleging that\ \ the\nWork or a Contribution incorporated within the Work constitutes direct\n\ or contributory patent infringement, then any patent licenses granted\nto You\ \ under this License for that Work shall terminate as of the date\nsuch litigation\ \ is filed.\n\n4. Redistribution.\nYou may reproduce and distribute copies of\ \ the Work or Derivative Works\nthereof in any medium, with or without modifications,\ \ and in Source or\nObject form, provided that You meet the following conditions:\n\ \n a. You must give any other recipients of the Work or Derivative Works\n \ \ a copy of this License; and\n\n b. You must cause any modified files to carry\ \ prominent notices stating\n that You changed the files; and\n\n c. You\ \ must retain, in the Source form of any Derivative Works that\n You distribute,\ \ all copyright, patent, trademark, and attribution\n notices from the Source\ \ form of the Work, excluding those notices\n that do not pertain to any part\ \ of the Derivative Works; and\n\n d. If the Work includes a \"NOTICE\" text\ \ file as part of its\n distribution, then any Derivative Works that You distribute\ \ must\n include a readable copy of the attribution notices contained\n \ \ within such NOTICE file, excluding those notices that do not\n pertain\ \ to any part of the Derivative Works, in at least one of\n the following\ \ places: within a NOTICE text file distributed as part\n of the Derivative\ \ Works; within the Source form or documentation,\n if provided along with\ \ the Derivative Works; or, within a display\n generated by the Derivative\ \ Works, if and wherever such third-party\n notices normally appear. The contents\ \ of the NOTICE file are for\n informational purposes only and do not modify\ \ the License. You\n may add Your own attribution notices within Derivative\ \ Works that\n You distribute, alongside or as an addendum to the NOTICE text\n\ \ from the Work, provided that such additional attribution notices\n cannot\ \ be construed as modifying the License. You may add Your own\n copyright\ \ statement to Your modifications and may provide additional\n or different\ \ license terms and conditions for use, reproduction, or\n distribution of\ \ Your modifications, or for any such Derivative Works\n as a whole, provided\ \ Your use, reproduction, and distribution of the\n Work otherwise complies\ \ with the conditions stated in this License.\n\n5. Submission of Contributions.\n\ Unless You explicitly state otherwise, any Contribution intentionally\nsubmitted\ \ for inclusion in the Work by You to the Licensor shall be\nunder the terms and\ \ conditions of this License, without any additional\nterms or conditions. Notwithstanding\ \ the above, nothing herein shall\nsupersede or modify the terms of any separate\ \ license agreement you may\nhave executed with Licensor regarding such Contributions.\n\ \n6. Trademarks.\nThis License does not grant permission to use the trade names,\ \ trademarks,\nservice marks, or product names of the Licensor, except as required\ \ for\nreasonable and customary use in describing the origin of the Work and\n\ reproducing the content of the NOTICE file.\n\n7. Disclaimer of Warranty.\nUnless\ \ required by applicable law or agreed to in writing, Licensor\nprovides the Work\ \ (and each Contributor provides its Contributions) on\nan \"AS IS\" BASIS, WITHOUT\ \ WARRANTIES OR CONDITIONS OF ANY KIND, either\nexpress or implied, including,\ \ without limitation, any warranties or\nconditions of TITLE, NON-INFRINGEMENT,\ \ MERCHANTABILITY, or FITNESS FOR\nA PARTICULAR PURPOSE. You are solely responsible\ \ for determining the\nappropriateness of using or redistributing the Work and\ \ assume any risks\nassociated with Your exercise of permissions under this License.\n\ \n8. Limitation of Liability.\nIn no event and under no legal theory, whether\ \ in tort (including\nnegligence), contract, or otherwise, unless required by\ \ applicable law\n(such as deliberate and grossly negligent acts) or agreed to\ \ in writing,\nshall any Contributor be liable to You for damages, including any\ \ direct,\nindirect, special, incidental, or consequential damages of any character\n\ arising as a result of this License or out of the use or inability to\nuse the\ \ Work (including but not limited to damages for loss of goodwill,\nwork stoppage,\ \ computer failure or malfunction, or any and all other\ncommercial damages or\ \ losses), even if such Contributor has been advised\nof the possibility of such\ \ damages.\n\n9. Accepting Warranty or Additional Liability.\nWhile redistributing\ \ the Work or Derivative Works thereof, You may\nchoose to offer, and charge a\ \ fee for, acceptance of support, warranty,\nindemnity, or other liability obligations\ \ and/or rights consistent with\nthis License. However, in accepting such obligations,\ \ You may act only\non Your own behalf and on Your sole responsibility, not on\ \ behalf of\nany other Contributor, and only if You agree to indemnify, defend,\ \ and\nhold each Contributor harmless for any liability incurred by, or claims\n\ asserted against, such Contributor by reason of your accepting any such\nwarranty\ \ or additional liability.\n\nEND OF TERMS AND CONDITIONS" label: Velero vSphere Operator operatorYaml: content: "\n---\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\n\ metadata:\n name: velero-vsphere-operator-webhook-role\nrules:\n - apiGroups:\ \ [\"cert-manager.io\"]\n resources: [\"certificates\", \"issuers\"]\n \ \ verbs: [\"create\", \"delete\", \"get\", \"list\", \"watch\", \"update\"\ , \"patch\"]\n - apiGroups: [\"cert-manager.io\"]\n resources: [\"certificates/status\"\ , \"issuers/status\"]\n verbs: [\"get\", \"list\", \"watch\"]\n - apiGroups:\ \ [\"admissionregistration.k8s.io\"]\n resources: [\"mutatingwebhookconfigurations\"\ ]\n verbs: [\"create\", \"delete\", \"get\", \"list\", \"watch\", \"update\"\ , \"patch\"]\n\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\n\ metadata:\n name: velero-vsphere-operator-webhook-role-binding\nsubjects:\n\ \ - kind: ServiceAccount\n name: default\n namespace: vmware-system-appplatform-operator-system\n\ roleRef:\n kind: ClusterRole\n name: velero-vsphere-operator-webhook-role\n\ \ apiGroup: rbac.authorization.k8s.io\n---\n{{ if .Values.registryUsername\ \ }}\napiVersion: v1\nkind: Secret\nmetadata:\n labels:\n component: {{\ \ .service.prefix }}-operator\n name: {{ .service.prefix }}-regcred\n namespace:\ \ {{ .service.namespace }}\ndata:\n .dockerconfigjson: {{ printf \"{\\\"auths\\\ \": {\\\"%s\\\": {\\\"auth\\\": \\\"%s\\\"}}}\" .Values.registryName (printf\ \ \"%s:%s\" .Values.registryUsername .Values.registryPasswd | b64enc) | b64enc\ \ }}\ntype: kubernetes.io/dockerconfigjson\n{{ end }}\n---\napiVersion: rbac.authorization.k8s.io/v1\n\ kind: ClusterRole\nmetadata:\n creationTimestamp: null\n labels:\n component:\ \ '{{ .service.prefix }}-operator'\n name: '{{ .service.prefix }}-operator'\n\ rules:\n- apiGroups:\n - \"\"\n resources:\n - events\n - namespaces\n \ \ - pods\n - secrets\n - serviceaccounts\n verbs:\n - '*'\n- apiGroups:\n\ \ - apiextensions.k8s.io\n resources:\n - customresourcedefinitions\n verbs:\n\ \ - '*'\n- apiGroups:\n - apps\n - extensions\n resources:\n - deployments\n\ \ - deployments/scale\n - deployments/status\n - replicasets\n verbs:\n\ \ - '*'\n- apiGroups:\n - backupdriver.cnsdp.vmware.com\n resources:\n -\ \ '*'\n verbs:\n - '*'\n- apiGroups:\n - cluster.x-k8s.io\n resources:\n\ \ - clusters\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - cluster.x-k8s.io\n\ \ resources:\n - clusters/status\n verbs:\n - get\n- apiGroups:\n - datamover.cnsdp.vmware.com\n\ \ resources:\n - '*'\n verbs:\n - '*'\n- apiGroups:\n - policy\n resourceNames:\n\ \ - wcp-privileged-psp\n resources:\n - podsecuritypolicies\n verbs:\n \ \ - use\n- apiGroups:\n - rbac.authorization.k8s.io\n resources:\n - '*'\n\ \ verbs:\n - '*'\n- apiGroups:\n - run.tanzu.vmware.com\n resources:\n \ \ - providerserviceaccounts\n verbs:\n - create\n - get\n - list\n - patch\n\ \ - update\n - watch\n- apiGroups:\n - run.tanzu.vmware.com\n resources:\n\ \ - tanzukubernetesclusters\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n\ \ - run.tanzu.vmware.com\n resources:\n - tanzukubernetesclusters/status\n\ \ verbs:\n - get\n- apiGroups:\n - velero.io\n resources:\n - '*'\n verbs:\n\ \ - '*'\n- apiGroups:\n - veleroappoperator.vmware.com\n resources:\n -\ \ veleroservices\n verbs:\n - '*'\n- apiGroups:\n - veleroappoperator.vmware.com\n\ \ resources:\n - veleroservices/status\n verbs:\n - get\n - patch\n -\ \ update\n- apiGroups:\n - vmoperator.vmware.com\n resources:\n - virtualmachines\n\ \ verbs:\n - get\n - list\n - patch\n - update\n - watch\n- apiGroups:\n\ \ - vmoperator.vmware.com\n resources:\n - virtualmachines/status\n verbs:\n\ \ - get\n - list\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\n\ metadata:\n labels:\n component: '{{ .service.prefix }}-operator'\n rbac.authorization.k8s.io/aggregate-to-edit:\ \ \"true\"\n name: '{{ .service.prefix }}-veleroservice-editor-role'\nrules:\n\ - apiGroups:\n - veleroappoperator.vmware.com\n resources:\n - veleroservices\n\ \ verbs:\n - create\n - delete\n - get\n - list\n - patch\n - update\n\ \ - watch\n- apiGroups:\n - veleroappoperator.vmware.com\n resources:\n \ \ - veleroservices/status\n verbs:\n - get\n - patch\n - update\n- apiGroups:\n\ \ - velero.io\n resources:\n - '*'\n verbs:\n - '*'\n- apiGroups:\n -\ \ datamover.cnsdp.vmware.com\n resources:\n - '*'\n verbs:\n - '*'\n- apiGroups:\n\ \ - backupdriver.cnsdp.vmware.com\n resources:\n - '*'\n verbs:\n - '*'\n\ ---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n\ \ labels:\n component: '{{ .service.prefix }}-operator'\n rbac.authorization.k8s.io/aggregate-to-view:\ \ \"true\"\n name: '{{ .service.prefix }}-veleroservice-viewer-role'\nrules:\n\ - apiGroups:\n - veleroappoperator.vmware.com\n resources:\n - veleroservices\n\ \ verbs:\n - get\n - list\n - watch\n- apiGroups:\n - veleroappoperator.vmware.com\n\ \ resources:\n - veleroservices/status\n verbs:\n - get\n- apiGroups:\n\ \ - velero.io\n resources:\n - '*'\n verbs:\n - get\n - list\n - watch\n\ - apiGroups:\n - datamover.cnsdp.vmware.com\n resources:\n - '*'\n verbs:\n\ \ - get\n - list\n - watch\n- apiGroups:\n - backupdriver.cnsdp.vmware.com\n\ \ resources:\n - '*'\n verbs:\n - get\n - list\n - watch\n---\napiVersion:\ \ rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n labels:\n\ \ component: '{{ .service.prefix }}-operator'\n name: '{{ .service.prefix\ \ }}-operator'\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n\ \ name: '{{ .service.prefix }}-operator'\nsubjects:\n- kind: ServiceAccount\n\ \ name: default\n namespace: '{{ .service.namespace }}'\n---\napiVersion:\ \ v1\nkind: Service\nmetadata:\n labels:\n component: '{{ .service.prefix\ \ }}-operator'\n component-webhook: '{{ .service.prefix }}-operator-webhook'\n\ \ name: '{{ .service.prefix }}-webhook-service'\n namespace: '{{ .service.namespace\ \ }}'\nspec:\n ports:\n - port: 443\n targetPort: 9881\n selector:\n \ \ component: '{{ .service.prefix }}-operator'\n component-webhook: '{{\ \ .service.prefix }}-operator-webhook'\n---\napiVersion: cert-manager.io/v1alpha2\n\ kind: Certificate\nmetadata:\n labels:\n component: '{{ .service.prefix\ \ }}-operator'\n component-webhook: '{{ .service.prefix }}-operator-webhook'\n\ \ name: '{{ .service.prefix }}-serving-cert'\n namespace: '{{ .service.namespace\ \ }}'\nspec:\n dnsNames:\n - '{{ .service.prefix }}-webhook-service.{{ .service.namespace\ \ }}.svc'\n - '{{ .service.prefix }}-webhook-service.{{ .service.namespace\ \ }}.svc.cluster.local'\n issuerRef:\n kind: Issuer\n name: '{{ .service.prefix\ \ }}-selfsigned-issuer'\n secretName: '{{ .service.prefix }}-webhook-service-cert'\n\ ---\napiVersion: cert-manager.io/v1alpha2\nkind: Issuer\nmetadata:\n labels:\n\ \ component: '{{ .service.prefix }}-operator'\n component-webhook: '{{\ \ .service.prefix }}-operator-webhook'\n name: '{{ .service.prefix }}-selfsigned-issuer'\n\ \ namespace: '{{ .service.namespace }}'\nspec:\n selfSigned: {}\n---\napiVersion:\ \ admissionregistration.k8s.io/v1beta1\nkind: MutatingWebhookConfiguration\n\ metadata:\n annotations:\n cert-manager.io/inject-ca-from: '{{ .service.namespace\ \ }}/{{ .service.prefix }}-serving-cert'\n creationTimestamp: null\n labels:\n\ \ component: '{{ .service.prefix }}-operator'\n component-webhook: '{{\ \ .service.prefix }}-operator-webhook'\n name: '{{ .service.prefix }}-mutating-webhook-configuration'\n\ webhooks:\n- clientConfig:\n caBundle: Cg==\n service:\n name: '{{\ \ .service.prefix }}-webhook-service'\n namespace: '{{ .service.namespace\ \ }}'\n path: /cbt-mutate-vmop-vm\n failurePolicy: Fail\n name: cbt.mutate.virtualmachine\n\ \ objectSelector:\n matchExpressions:\n - key: capw.vmware.com/cluster.name\n\ \ operator: Exists\n rules:\n - apiGroups:\n - vmoperator.vmware.com\n\ \ apiVersions:\n - v1alpha1\n operations:\n - CREATE\n - UPDATE\n\ \ resources:\n - virtualmachines\n---\napiVersion: apps/v1\nkind: Deployment\n\ metadata:\n labels:\n component: '{{ .service.prefix }}-operator'\n name:\ \ '{{ .service.prefix }}-operator'\n namespace: '{{ .service.namespace }}'\n\ spec:\n replicas: 1\n selector:\n matchLabels:\n component: '{{ .service.prefix\ \ }}-operator'\n template:\n metadata:\n labels:\n component:\ \ '{{ .service.prefix }}-operator'\n spec:\n containers:\n -\ \ args:\n - manager\n command:\n - /velero-vsphere\n\ \ image: {{ .Values.registryName | default \"vsphereveleroplugin\"\ \ }}/velero-vsphere-operator:1.1.0\n name: manager\n resources:\n\ \ limits:\n cpu: 400m\n memory: 200Mi\n\ \ requests:\n cpu: 100m\n memory: 20Mi\n\ \ hostNetwork: true\n {{ if .Values.registryUsername }}\n imagePullSecrets:\n\ \ - name: '{{ .service.prefix }}-regcred'\n {{ end }}\n nodeSelector:\n\ \ node-role.kubernetes.io/master: \"\"\n terminationGracePeriodSeconds:\ \ 10\n tolerations:\n - effect: NoSchedule\n key: node-role.kubernetes.io/master\n\ \ operator: Exists\n - effect: NoSchedule\n key: kubeadmNode\n\ \ operator: Equal\n value: master\n---\napiVersion: apps/v1\n\ kind: Deployment\nmetadata:\n labels:\n component: '{{ .service.prefix }}-operator'\n\ \ component-webhook: '{{ .service.prefix }}-operator-webhook'\n name: '{{\ \ .service.prefix }}-operator-webhook'\n namespace: '{{ .service.namespace\ \ }}'\nspec:\n replicas: 3\n selector:\n matchLabels:\n component:\ \ '{{ .service.prefix }}-operator'\n component-webhook: '{{ .service.prefix\ \ }}-operator-webhook'\n template:\n metadata:\n labels:\n component:\ \ '{{ .service.prefix }}-operator'\n component-webhook: '{{ .service.prefix\ \ }}-operator-webhook'\n name: velero-vsphere-operator-webhook\n spec:\n\ \ affinity:\n podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n\ \ - labelSelector:\n matchExpressions:\n \ \ - key: name\n operator: In\n \ \ values:\n - velero-vsphere-operator-webhook\n \ \ topologyKey: kubernetes.io/hostname\n containers:\n - args:\n\ \ - manager\n - --webhook-port=9881\n command:\n\ \ - /velero-vsphere\n image: {{ .Values.registryName | default\ \ \"vsphereveleroplugin\" }}/velero-vsphere-operator:1.1.0\n name:\ \ manager\n ports:\n - containerPort: 9881\n \ \ name: webhook-server\n protocol: TCP\n resources:\n\ \ limits:\n cpu: 400m\n memory: 200Mi\n\ \ requests:\n cpu: 100m\n memory: 20Mi\n\ \ volumeMounts:\n - mountPath: /tmp/k8s-webhook-server/serving-certs\n\ \ name: cert\n readOnly: true\n hostNetwork:\ \ true\n {{ if .Values.registryUsername }}\n imagePullSecrets:\n \ \ - name: '{{ .service.prefix }}-regcred'\n {{ end }}\n nodeSelector:\n\ \ node-role.kubernetes.io/master: \"\"\n terminationGracePeriodSeconds:\ \ 10\n tolerations:\n - effect: NoSchedule\n key: node-role.kubernetes.io/master\n\ \ operator: Exists\n - effect: NoSchedule\n key: kubeadmNode\n\ \ operator: Equal\n value: master\n volumes:\n \ \ - name: cert\n secret:\n defaultMode: 420\n \ \ secretName: '{{ .service.prefix }}-webhook-service-cert'\n---\nkind: ClusterRole\n\ apiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: velero-vsphere-operator-backup-driver-role\n\ rules:\n - apiGroups: [\"backupdriver.cnsdp.vmware.com\"]\n resources: [\"\ backuprepositoryclaims\", \"snapshots\", \"clonefromsnapshots\", \"deletesnapshots\"\ ]\n verbs: [\"get\", \"list\", \"watch\", \"update\", \"create\", \"delete\"\ ]\n - apiGroups: [\"backupdriver.cnsdp.vmware.com\"]\n resources: [\"snapshots/status\"\ , \"clonefromsnapshots/status\", \"deletesnapshots/status\"]\n verbs: [\"\ get\", \"update\", \"patch\"]\n - apiGroups: [\"\"]\n resources: [\"namespaces\"\ ]\n verbs: [\"get\"]\n - apiGroups: [\"\"]\n resources: [\"persistentvolumeclaims\"\ ]\n verbs: [\"get\", \"list\", \"watch\"]\n - apiGroups: [\"\"]\n resources:\ \ [\"persistentvolumeclaims/status\"]\n verbs: [\"get\"]\n\n---\nkind: ClusterRoleBinding\n\ apiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: velero-vsphere-operator-backup-driver-binding\n\ subjects:\n - kind: ServiceAccount\n name: default\n namespace: vmware-system-tkg\n\ roleRef:\n kind: ClusterRole\n name: velero-vsphere-operator-backup-driver-role\n\ \ apiGroup: rbac.authorization.k8s.io\n\n---\nkind: ClusterRole\napiVersion:\ \ rbac.authorization.k8s.io/v1\nmetadata:\n name: velero-vsphere-operator-webhook-delete-role\n\ rules:\n - apiGroups: [\"admissionregistration.k8s.io\"]\n resources: [\"\ mutatingwebhookconfigurations\"]\n verbs: [\"delete\", \"get\", \"list\"\ ]\n\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\n\ metadata:\n name: velero-vsphere-operator-webhook-delete-role-binding\nsubjects:\n\ \ - kind: ServiceAccount\n name: default\n namespace: vmware-system-appplatform-operator-system\n\ roleRef:\n kind: ClusterRole\n name: velero-vsphere-operator-webhook-delete-role\n\ \ apiGroup: rbac.authorization.k8s.io\n" format: plain serviceID: velero-vsphere version: '1.1.0'