|
| 1 | +apiVersion: operators.coreos.com/v1alpha1 |
| 2 | +kind: ClusterServiceVersion |
| 3 | +metadata: |
| 4 | + annotations: |
| 5 | + alm-examples: |- |
| 6 | + [ |
| 7 | + { |
| 8 | + "apiVersion": "wafv2.services.k8s.aws/v1alpha1", |
| 9 | + "kind": "IPSet", |
| 10 | + "metadata": { |
| 11 | + "name": "example" |
| 12 | + }, |
| 13 | + "spec": {} |
| 14 | + } |
| 15 | + ] |
| 16 | + capabilities: Basic Install |
| 17 | + categories: Cloud Provider |
| 18 | + certified: "false" |
| 19 | + containerImage: public.ecr.aws/aws-controllers-k8s/wafv2-controller:1.0.6 |
| 20 | + createdAt: "2025-03-28T17:54:09Z" |
| 21 | + description: AWS WAFV2 controller is a service controller for managing WAFV2 resources |
| 22 | + in Kubernetes |
| 23 | + operatorframework.io/suggested-namespace: ack-system |
| 24 | + operators.operatorframework.io/builder: operator-sdk-v1.28.0 |
| 25 | + operators.operatorframework.io/project_layout: unknown |
| 26 | + repository: https://github.com/aws-controllers-k8s |
| 27 | + support: Community |
| 28 | + labels: |
| 29 | + operatorframework.io/arch.amd64: supported |
| 30 | + operatorframework.io/arch.arm64: supported |
| 31 | + operatorframework.io/os.linux: supported |
| 32 | + name: ack-wafv2-controller.v1.0.6 |
| 33 | + namespace: placeholder |
| 34 | +spec: |
| 35 | + apiservicedefinitions: {} |
| 36 | + customresourcedefinitions: |
| 37 | + owned: |
| 38 | + - description: IPSet represents the state of an AWS wafv2 IPSet resource. |
| 39 | + displayName: IPSet |
| 40 | + kind: IPSet |
| 41 | + name: ipsets.wafv2.services.k8s.aws |
| 42 | + version: v1alpha1 |
| 43 | + - description: RuleGroup represents the state of an AWS wafv2 RuleGroup resource. |
| 44 | + displayName: RuleGroup |
| 45 | + kind: RuleGroup |
| 46 | + name: rulegroups.wafv2.services.k8s.aws |
| 47 | + version: v1alpha1 |
| 48 | + - description: WebACL represents the state of an AWS wafv2 WebACL resource. |
| 49 | + displayName: WebACL |
| 50 | + kind: WebACL |
| 51 | + name: webacls.wafv2.services.k8s.aws |
| 52 | + version: v1alpha1 |
| 53 | + description: |- |
| 54 | + Manage Amazon Web Application Firewall (Amazon WAFV2) resources in AWS from within your Kubernetes cluster. |
| 55 | +
|
| 56 | + **About Amazon WAFV2** |
| 57 | +
|
| 58 | + AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to your protected web application resources. You can protect the following resource types: |
| 59 | + - Amazon CloudFront distribution |
| 60 | + - Amazon API Gateway REST API |
| 61 | + - Application Load Balancer |
| 62 | + - AWS AppSync GraphQL API |
| 63 | + - Amazon Cognito user pool |
| 64 | + - AWS App Runner service |
| 65 | + - AWS Verified Access instance |
| 66 | +
|
| 67 | + **About the AWS Controllers for Kubernetes** |
| 68 | +
|
| 69 | + This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. This project is currently in **developer preview**. |
| 70 | +
|
| 71 | + **Pre-Installation Steps** |
| 72 | +
|
| 73 | + Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/) |
| 74 | + displayName: AWS Controllers for Kubernetes - Amazon WAFV2 |
| 75 | + icon: |
| 76 | + - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMzA0IDE4MiIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMzA0IDE4MjsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMyNTJGM0U7fQoJLnN0MXtmaWxsLXJ1bGU6ZXZlbm9kZDtjbGlwLXJ1bGU6ZXZlbm9kZDtmaWxsOiNGRjk5MDA7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni40LDY2LjRjMCwzLjcsMC40LDYuNywxLjEsOC45YzAuOCwyLjIsMS44LDQuNiwzLjIsNy4yYzAuNSwwLjgsMC43LDEuNiwwLjcsMi4zYzAsMS0wLjYsMi0xLjksM2wtNi4zLDQuMiAgIGMtMC45LDAuNi0xLjgsMC45LTIuNiwwLjljLTEsMC0yLTAuNS0zLTEuNEM3Ni4yLDkwLDc1LDg4LjQsNzQsODYuOGMtMS0xLjctMi0zLjYtMy4xLTUuOWMtNy44LDkuMi0xNy42LDEzLjgtMjkuNCwxMy44ICAgYy04LjQsMC0xNS4xLTIuNC0yMC03LjJjLTQuOS00LjgtNy40LTExLjItNy40LTE5LjJjMC04LjUsMy0xNS40LDkuMS0yMC42YzYuMS01LjIsMTQuMi03LjgsMjQuNS03LjhjMy40LDAsNi45LDAuMywxMC42LDAuOCAgIGMzLjcsMC41LDcuNSwxLjMsMTEuNSwyLjJ2LTcuM2MwLTcuNi0xLjYtMTIuOS00LjctMTZjLTMuMi0zLjEtOC42LTQuNi0xNi4zLTQuNmMtMy41LDAtNy4xLDAuNC0xMC44LDEuM2MtMy43LDAuOS03LjMsMi0xMC44LDMuNCAgIGMtMS42LDAuNy0yLjgsMS4xLTMuNSwxLjNjLTAuNywwLjItMS4yLDAuMy0xLjYsMC4zYy0xLjQsMC0yLjEtMS0yLjEtMy4xdi00LjljMC0xLjYsMC4yLTIuOCwwLjctMy41YzAuNS0wLjcsMS40LTEuNCwyLjgtMi4xICAgYzMuNS0xLjgsNy43LTMuMywxMi42LTQuNWM0LjktMS4zLDEwLjEtMS45LDE1LjYtMS45YzExLjksMCwyMC42LDIuNywyNi4yLDguMWM1LjUsNS40LDguMywxMy42LDguMywyNC42VjY2LjR6IE00NS44LDgxLjYgICBjMy4zLDAsNi43LTAuNiwxMC4zLTEuOGMzLjYtMS4yLDYuOC0zLjQsOS41LTYuNGMxLjYtMS45LDIuOC00LDMuNC02LjRjMC42LTIuNCwxLTUuMywxLTguN3YtNC4yYy0yLjktMC43LTYtMS4zLTkuMi0xLjcgICBjLTMuMi0wLjQtNi4zLTAuNi05LjQtMC42Yy02LjcsMC0xMS42LDEuMy0xNC45LDRjLTMuMywyLjctNC45LDYuNS00LjksMTEuNWMwLDQuNywxLjIsOC4yLDMuNywxMC42ICAgQzM3LjcsODAuNCw0MS4yLDgxLjYsNDUuOCw4MS42eiBNMTI2LjEsOTIuNGMtMS44LDAtMy0wLjMtMy44LTFjLTAuOC0wLjYtMS41LTItMi4xLTMuOUw5Ni43LDEwLjJjLTAuNi0yLTAuOS0zLjMtMC45LTQgICBjMC0xLjYsMC44LTIuNSwyLjQtMi41aDkuOGMxLjksMCwzLjIsMC4zLDMuOSwxYzAuOCwwLjYsMS40LDIsMiwzLjlsMTYuOCw2Ni4ybDE1LjYtNjYuMmMwLjUtMiwxLjEtMy4zLDEuOS0zLjljMC44LTAuNiwyLjItMSw0LTEgICBoOGMxLjksMCwzLjIsMC4zLDQsMWMwLjgsMC42LDEuNSwyLDEuOSwzLjlsMTUuOCw2N2wxNy4zLTY3YzAuNi0yLDEuMy0zLjMsMi0zLjljMC44LTAuNiwyLjEtMSwzLjktMWg5LjNjMS42LDAsMi41LDAuOCwyLjUsMi41ICAgYzAsMC41LTAuMSwxLTAuMiwxLjZjLTAuMSwwLjYtMC4zLDEuNC0wLjcsMi41bC0yNC4xLDc3LjNjLTAuNiwyLTEuMywzLjMtMi4xLDMuOWMtMC44LDAuNi0yLjEsMS0zLjgsMWgtOC42Yy0xLjksMC0zLjItMC4zLTQtMSAgIGMtMC44LTAuNy0xLjUtMi0xLjktNEwxNTYsMjNsLTE1LjQsNjQuNGMtMC41LDItMS4xLDMuMy0xLjksNGMtMC44LDAuNy0yLjIsMS00LDFIMTI2LjF6IE0yNTQuNiw5NS4xYy01LjIsMC0xMC40LTAuNi0xNS40LTEuOCAgIGMtNS0xLjItOC45LTIuNS0xMS41LTRjLTEuNi0wLjktMi43LTEuOS0zLjEtMi44Yy0wLjQtMC45LTAuNi0xLjktMC42LTIuOHYtNS4xYzAtMi4xLDAuOC0zLjEsMi4zLTMuMWMwLjYsMCwxLjIsMC4xLDEuOCwwLjMgICBjMC42LDAuMiwxLjUsMC42LDIuNSwxYzMuNCwxLjUsNy4xLDIuNywxMSwzLjVjNCwwLjgsNy45LDEuMiwxMS45LDEuMmM2LjMsMCwxMS4yLTEuMSwxNC42LTMuM2MzLjQtMi4yLDUuMi01LjQsNS4yLTkuNSAgIGMwLTIuOC0wLjktNS4xLTIuNy03Yy0xLjgtMS45LTUuMi0zLjYtMTAuMS01LjJMMjQ2LDUyYy03LjMtMi4zLTEyLjctNS43LTE2LTEwLjJjLTMuMy00LjQtNS05LjMtNS0xNC41YzAtNC4yLDAuOS03LjksMi43LTExLjEgICBjMS44LTMuMiw0LjItNiw3LjItOC4yYzMtMi4zLDYuNC00LDEwLjQtNS4yYzQtMS4yLDguMi0xLjcsMTIuNi0xLjdjMi4yLDAsNC41LDAuMSw2LjcsMC40YzIuMywwLjMsNC40LDAuNyw2LjUsMS4xICAgYzIsMC41LDMuOSwxLDUuNywxLjZjMS44LDAuNiwzLjIsMS4yLDQuMiwxLjhjMS40LDAuOCwyLjQsMS42LDMsMi41YzAuNiwwLjgsMC45LDEuOSwwLjksMy4zdjQuN2MwLDIuMS0wLjgsMy4yLTIuMywzLjIgICBjLTAuOCwwLTIuMS0wLjQtMy44LTEuMmMtNS43LTIuNi0xMi4xLTMuOS0xOS4yLTMuOWMtNS43LDAtMTAuMiwwLjktMTMuMywyLjhjLTMuMSwxLjktNC43LDQuOC00LjcsOC45YzAsMi44LDEsNS4yLDMsNy4xICAgYzIsMS45LDUuNywzLjgsMTEsNS41bDE0LjIsNC41YzcuMiwyLjMsMTIuNCw1LjUsMTUuNSw5LjZjMy4xLDQuMSw0LjYsOC44LDQuNiwxNGMwLDQuMy0wLjksOC4yLTIuNiwxMS42ICAgYy0xLjgsMy40LTQuMiw2LjQtNy4zLDguOGMtMy4xLDIuNS02LjgsNC4zLTExLjEsNS42QzI2NC40LDk0LjQsMjU5LjcsOTUuMSwyNTQuNiw5NS4xeiIvPgoJPGc+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI3My41LDE0My43Yy0zMi45LDI0LjMtODAuNywzNy4yLTEyMS44LDM3LjJjLTU3LjYsMC0xMDkuNS0yMS4zLTE0OC43LTU2LjdjLTMuMS0yLjgtMC4zLTYuNiwzLjQtNC40ICAgIGM0Mi40LDI0LjYsOTQuNywzOS41LDE0OC44LDM5LjVjMzYuNSwwLDc2LjYtNy42LDExMy41LTIzLjJDMjc0LjIsMTMzLjYsMjc4LjksMTM5LjcsMjczLjUsMTQzLjd6Ii8+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI4Ny4yLDEyOC4xYy00LjItNS40LTI3LjgtMi42LTM4LjUtMS4zYy0zLjIsMC40LTMuNy0yLjQtMC44LTQuNWMxOC44LTEzLjIsNDkuNy05LjQsNTMuMy01ICAgIGMzLjYsNC41LTEsMzUuNC0xOC42LDUwLjJjLTIuNywyLjMtNS4zLDEuMS00LjEtMS45QzI4Mi41LDE1NS43LDI5MS40LDEzMy40LDI4Ny4yLDEyOC4xeiIvPgoJPC9nPgo8L2c+Cjwvc3ZnPg== |
| 77 | + mediatype: image/svg+xml |
| 78 | + install: |
| 79 | + spec: |
| 80 | + clusterPermissions: |
| 81 | + - rules: |
| 82 | + - apiGroups: |
| 83 | + - "" |
| 84 | + resources: |
| 85 | + - configmaps |
| 86 | + - secrets |
| 87 | + verbs: |
| 88 | + - get |
| 89 | + - list |
| 90 | + - patch |
| 91 | + - watch |
| 92 | + - apiGroups: |
| 93 | + - "" |
| 94 | + resources: |
| 95 | + - namespaces |
| 96 | + verbs: |
| 97 | + - get |
| 98 | + - list |
| 99 | + - watch |
| 100 | + - apiGroups: |
| 101 | + - services.k8s.aws |
| 102 | + resources: |
| 103 | + - adoptedresources |
| 104 | + - fieldexports |
| 105 | + verbs: |
| 106 | + - create |
| 107 | + - delete |
| 108 | + - get |
| 109 | + - list |
| 110 | + - patch |
| 111 | + - update |
| 112 | + - watch |
| 113 | + - apiGroups: |
| 114 | + - services.k8s.aws |
| 115 | + resources: |
| 116 | + - adoptedresources/status |
| 117 | + - fieldexports/status |
| 118 | + verbs: |
| 119 | + - get |
| 120 | + - patch |
| 121 | + - update |
| 122 | + - apiGroups: |
| 123 | + - wafv2.services.k8s.aws |
| 124 | + resources: |
| 125 | + - ipsets |
| 126 | + - rulegroups |
| 127 | + - webacls |
| 128 | + verbs: |
| 129 | + - create |
| 130 | + - delete |
| 131 | + - get |
| 132 | + - list |
| 133 | + - patch |
| 134 | + - update |
| 135 | + - watch |
| 136 | + - apiGroups: |
| 137 | + - wafv2.services.k8s.aws |
| 138 | + resources: |
| 139 | + - ipsets/status |
| 140 | + - rulegroups/status |
| 141 | + - webacls/status |
| 142 | + verbs: |
| 143 | + - get |
| 144 | + - patch |
| 145 | + - update |
| 146 | + serviceAccountName: ack-wafv2-controller |
| 147 | + deployments: |
| 148 | + - label: |
| 149 | + app.kubernetes.io/name: ack-wafv2-controller |
| 150 | + app.kubernetes.io/part-of: ack-system |
| 151 | + name: ack-wafv2-controller |
| 152 | + spec: |
| 153 | + replicas: 1 |
| 154 | + selector: |
| 155 | + matchLabels: |
| 156 | + app.kubernetes.io/name: ack-wafv2-controller |
| 157 | + strategy: {} |
| 158 | + template: |
| 159 | + metadata: |
| 160 | + labels: |
| 161 | + app.kubernetes.io/name: ack-wafv2-controller |
| 162 | + spec: |
| 163 | + containers: |
| 164 | + - args: |
| 165 | + - --aws-region |
| 166 | + - $(AWS_REGION) |
| 167 | + - --aws-endpoint-url |
| 168 | + - $(AWS_ENDPOINT_URL) |
| 169 | + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) |
| 170 | + - --log-level |
| 171 | + - $(ACK_LOG_LEVEL) |
| 172 | + - --resource-tags |
| 173 | + - $(ACK_RESOURCE_TAGS) |
| 174 | + - --watch-namespace |
| 175 | + - $(ACK_WATCH_NAMESPACE) |
| 176 | + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) |
| 177 | + - --leader-election-namespace |
| 178 | + - $(LEADER_ELECTION_NAMESPACE) |
| 179 | + - --reconcile-default-max-concurrent-syncs |
| 180 | + - $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS) |
| 181 | + - --feature-gates |
| 182 | + - $(FEATURE_GATES) |
| 183 | + command: |
| 184 | + - ./bin/controller |
| 185 | + env: |
| 186 | + - name: ACK_SYSTEM_NAMESPACE |
| 187 | + valueFrom: |
| 188 | + fieldRef: |
| 189 | + fieldPath: metadata.namespace |
| 190 | + envFrom: |
| 191 | + - configMapRef: |
| 192 | + name: ack-wafv2-user-config |
| 193 | + optional: false |
| 194 | + - secretRef: |
| 195 | + name: ack-wafv2-user-secrets |
| 196 | + optional: true |
| 197 | + image: public.ecr.aws/aws-controllers-k8s/wafv2-controller:1.0.6 |
| 198 | + livenessProbe: |
| 199 | + httpGet: |
| 200 | + path: /healthz |
| 201 | + port: 8081 |
| 202 | + initialDelaySeconds: 15 |
| 203 | + periodSeconds: 20 |
| 204 | + name: controller |
| 205 | + ports: |
| 206 | + - containerPort: 8080 |
| 207 | + name: http |
| 208 | + readinessProbe: |
| 209 | + httpGet: |
| 210 | + path: /readyz |
| 211 | + port: 8081 |
| 212 | + initialDelaySeconds: 5 |
| 213 | + periodSeconds: 10 |
| 214 | + resources: |
| 215 | + limits: |
| 216 | + cpu: 100m |
| 217 | + memory: 300Mi |
| 218 | + requests: |
| 219 | + cpu: 100m |
| 220 | + memory: 200Mi |
| 221 | + securityContext: |
| 222 | + allowPrivilegeEscalation: false |
| 223 | + capabilities: |
| 224 | + drop: |
| 225 | + - ALL |
| 226 | + privileged: false |
| 227 | + runAsNonRoot: true |
| 228 | + dnsPolicy: ClusterFirst |
| 229 | + securityContext: |
| 230 | + seccompProfile: |
| 231 | + type: RuntimeDefault |
| 232 | + serviceAccountName: ack-wafv2-controller |
| 233 | + terminationGracePeriodSeconds: 10 |
| 234 | + permissions: |
| 235 | + - rules: |
| 236 | + - apiGroups: |
| 237 | + - coordination.k8s.io |
| 238 | + resources: |
| 239 | + - leases |
| 240 | + verbs: |
| 241 | + - get |
| 242 | + - list |
| 243 | + - watch |
| 244 | + - create |
| 245 | + - update |
| 246 | + - patch |
| 247 | + - delete |
| 248 | + - apiGroups: |
| 249 | + - "" |
| 250 | + resources: |
| 251 | + - events |
| 252 | + verbs: |
| 253 | + - create |
| 254 | + - patch |
| 255 | + serviceAccountName: ack-wafv2-controller |
| 256 | + strategy: deployment |
| 257 | + installModes: |
| 258 | + - supported: true |
| 259 | + type: OwnNamespace |
| 260 | + - supported: true |
| 261 | + type: SingleNamespace |
| 262 | + - supported: true |
| 263 | + type: MultiNamespace |
| 264 | + - supported: true |
| 265 | + type: AllNamespaces |
| 266 | + keywords: |
| 267 | + - wafv2 |
| 268 | + - aws |
| 269 | + - amazon |
| 270 | + - ack |
| 271 | + links: |
| 272 | + - name: AWS Controllers for Kubernetes |
| 273 | + url: https://github.com/aws-controllers-k8s/community |
| 274 | + - name: Documentation |
| 275 | + url: https://aws-controllers-k8s.github.io/community/ |
| 276 | + - name: Amazon WAFV2 Developer Resources |
| 277 | + url: https://aws.amazon.com/waf/resources/ |
| 278 | + maintainers: |
| 279 | + |
| 280 | + name: wafv2 maintainer team |
| 281 | + maturity: alpha |
| 282 | + provider: |
| 283 | + name: Amazon, Inc. |
| 284 | + url: https://aws.amazon.com |
| 285 | + version: 1.0.6 |
0 commit comments