Skip to content

Commit

Permalink
documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
@orishoshan
orishoshan committed Aug 8, 2023
1 parent d58ffe3 commit c73c85d
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 23 deletions.
31 changes: 16 additions & 15 deletions intents-operator/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,21 +7,22 @@
| `global.telemetry.enabled` | If set to `false`, anonymous telemetries collection will be disabled | `true` |

## Operator parameters
| Key | Description | Default |
|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------|
| `operator.image.repository` | Intents Operator image repository. | `otterize` |
| `operator.image.image` | Intents Operator image. | `intents-operator` |
| `operator.image.tag` | Intents Operator image tag. | `latest` |
| `operator.pullPolicy` | Intents Operator image pull policy. | `(none)` |
| `operator.autoGenerateTLSUsingCredentialsOperator` | If set to true, adds the necessary pod annotations in order to integrate with credentials-operator, and get tls certificate. | `false` |
| `operator.enableEnforcement` | If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` |
| `operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to ClientIntents | `true` |
| `operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to ClientIntents of type Kafka | `true` |
| `operator.enableIstioPolicyCreation` | Whether the operator should create Istio authorization policies according to ClientIntents | `true` |
| `operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` |
| `operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` |
| `operator.resources` | Resources override. | |
| `operator.enableDatabaseReconciler` | **experimental** - Enables experimental support for database intents (coming soon!) | `false` |
| Key | Description | Default |
|---------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------|
| `operator.image.repository` | Intents Operator image repository. | `otterize` |
| `operator.image.image` | Intents Operator image. | `intents-operator` |
| `operator.image.tag` | Intents Operator image tag. | `latest` |
| `operator.pullPolicy` | Intents Operator image pull policy. | `(none)` |
| `operator.autoGenerateTLSUsingCredentialsOperator` | If set to true, adds the necessary pod annotations in order to integrate with credentials-operator, and get tls certificate. | `false` |
| `operator.mode` | `defaultActive` or `defaultShadow`. When `defaultActive` is set, enforcement is enabled by default. When `defaultShadow` is set, enforcement is disabled by default, but can be enabled per-service using a ProtectedService resource. | `defaultActive` |
| `operator.enableEnforcement` | (deprecated, use mode instead) If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` |
| `operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to ClientIntents | `true` |
| `operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to ClientIntents of type Kafka | `true` |
| `operator.enableIstioPolicyCreation` | Whether the operator should create Istio authorization policies according to ClientIntents | `true` |
| `operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` |
| `operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` |
| `operator.resources` | Resources override. | |
| `operator.enableDatabaseReconciler` | **experimental** - Enables experimental support for database intents (coming soon!) | `false` |

## Watcher parameters
| Key | Description | Default |
Expand Down
17 changes: 9 additions & 8 deletions otterize-kubernetes/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,14 +36,15 @@ These parameters are used by multiple charts, and must be kept the same for the
All configurable parameters of intents-operator can be configured under the alias `intentsOperator`.
Further information about intents-operator parameters can be found [in the Intents Operator's helm chart](https://github.com/otterize/helm-charts/tree/main/intents-operator).

| Key | Description | Default |
|------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|
| `intentsOperator.autoGenerateTLSUsingCredentialsOperator` | Use credentials-operator to create TLS cert for intents-operator. | `true` |
| `intentsOperator.operator.enableEnforcement` | If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` |
| `intentsOperator.operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to the ClientIntents | `true` |
| `intentsOperator.operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to the ClientIntents of type Kafka | `true` |
| `intentsOperator.operator.enableIstioPolicyCreation` | Whether the operator should create Istio authorization policies according to ClientIntents | `true` |
| `intentsOperator.operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` |
| Key | Description | Default |
|------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------|
| `intentsOperator.autoGenerateTLSUsingCredentialsOperator` | Use credentials-operator to create TLS cert for intents-operator. | `true` |
| `operator.mode` | `defaultActive` or `defaultShadow`. When `defaultActive` is set, enforcement is enabled by default. When `defaultShadow` is set, enforcement is disabled by default, but can be enabled per-service using a ProtectedService resource. | `defaultActive` |
| `intentsOperator.operator.enableEnforcement` | (deprecated, use mode instead) If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` |
| `intentsOperator.operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to the ClientIntents | `true` |
| `intentsOperator.operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to the ClientIntents of type Kafka | `true` |
| `intentsOperator.operator.enableIstioPolicyCreation` | Whether the operator should create Istio authorization policies according to ClientIntents | `true` |
| `intentsOperator.operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` |

## Telemetry

Expand Down

0 comments on commit c73c85d

Please sign in to comment.