From c73c85df08f85c216a6980378cca9f1a2a4f82ad Mon Sep 17 00:00:00 2001 From: Ori Shoshan Date: Tue, 8 Aug 2023 20:52:22 +0300 Subject: [PATCH] documentation --- intents-operator/README.md | 31 ++++++++++++++++--------------- otterize-kubernetes/README.md | 17 +++++++++-------- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/intents-operator/README.md b/intents-operator/README.md index fb3daa53..8175c6b4 100644 --- a/intents-operator/README.md +++ b/intents-operator/README.md @@ -7,21 +7,22 @@ | `global.telemetry.enabled` | If set to `false`, anonymous telemetries collection will be disabled | `true` | ## Operator parameters -| Key | Description | Default | -|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------| -| `operator.image.repository` | Intents Operator image repository. | `otterize` | -| `operator.image.image` | Intents Operator image. | `intents-operator` | -| `operator.image.tag` | Intents Operator image tag. | `latest` | -| `operator.pullPolicy` | Intents Operator image pull policy. | `(none)` | -| `operator.autoGenerateTLSUsingCredentialsOperator` | If set to true, adds the necessary pod annotations in order to integrate with credentials-operator, and get tls certificate. | `false` | -| `operator.enableEnforcement` | If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` | -| `operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to ClientIntents | `true` | -| `operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to ClientIntents of type Kafka | `true` | -| `operator.enableIstioPolicyCreation` | Whether the operator should create Istio authorization policies according to ClientIntents | `true` | -| `operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` | -| `operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` | -| `operator.resources` | Resources override. | | -| `operator.enableDatabaseReconciler` | **experimental** - Enables experimental support for database intents (coming soon!) | `false` | +| Key | Description | Default | +|---------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------| +| `operator.image.repository` | Intents Operator image repository. | `otterize` | +| `operator.image.image` | Intents Operator image. | `intents-operator` | +| `operator.image.tag` | Intents Operator image tag. | `latest` | +| `operator.pullPolicy` | Intents Operator image pull policy. | `(none)` | +| `operator.autoGenerateTLSUsingCredentialsOperator` | If set to true, adds the necessary pod annotations in order to integrate with credentials-operator, and get tls certificate. | `false` | +| `operator.mode` | `defaultActive` or `defaultShadow`. When `defaultActive` is set, enforcement is enabled by default. When `defaultShadow` is set, enforcement is disabled by default, but can be enabled per-service using a ProtectedService resource. | `defaultActive` | +| `operator.enableEnforcement` | (deprecated, use mode instead) If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` | +| `operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to ClientIntents | `true` | +| `operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to ClientIntents of type Kafka | `true` | +| `operator.enableIstioPolicyCreation` | Whether the operator should create Istio authorization policies according to ClientIntents | `true` | +| `operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` | +| `operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` | +| `operator.resources` | Resources override. | | +| `operator.enableDatabaseReconciler` | **experimental** - Enables experimental support for database intents (coming soon!) | `false` | ## Watcher parameters | Key | Description | Default | diff --git a/otterize-kubernetes/README.md b/otterize-kubernetes/README.md index 919ee47c..4e4d24c8 100644 --- a/otterize-kubernetes/README.md +++ b/otterize-kubernetes/README.md @@ -36,14 +36,15 @@ These parameters are used by multiple charts, and must be kept the same for the All configurable parameters of intents-operator can be configured under the alias `intentsOperator`. Further information about intents-operator parameters can be found [in the Intents Operator's helm chart](https://github.com/otterize/helm-charts/tree/main/intents-operator). -| Key | Description | Default | -|------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| -| `intentsOperator.autoGenerateTLSUsingCredentialsOperator` | Use credentials-operator to create TLS cert for intents-operator. | `true` | -| `intentsOperator.operator.enableEnforcement` | If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` | -| `intentsOperator.operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to the ClientIntents | `true` | -| `intentsOperator.operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to the ClientIntents of type Kafka | `true` | -| `intentsOperator.operator.enableIstioPolicyCreation` | Whether the operator should create Istio authorization policies according to ClientIntents | `true` | -| `intentsOperator.operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` | +| Key | Description | Default | +|------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------| +| `intentsOperator.autoGenerateTLSUsingCredentialsOperator` | Use credentials-operator to create TLS cert for intents-operator. | `true` | +| `operator.mode` | `defaultActive` or `defaultShadow`. When `defaultActive` is set, enforcement is enabled by default. When `defaultShadow` is set, enforcement is disabled by default, but can be enabled per-service using a ProtectedService resource. | `defaultActive` | +| `intentsOperator.operator.enableEnforcement` | (deprecated, use mode instead) If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` | +| `intentsOperator.operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to the ClientIntents | `true` | +| `intentsOperator.operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to the ClientIntents of type Kafka | `true` | +| `intentsOperator.operator.enableIstioPolicyCreation` | Whether the operator should create Istio authorization policies according to ClientIntents | `true` | +| `intentsOperator.operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` | ## Telemetry