feat: deprecate module-specific settings, expose them on module CRDs

api/formance.com/v1beta1/auth_types.go

@@ -52,6 +52,9 @@ type AuthSpec struct {
 	// in this case, if authenticated, it is ok.
 	// +kubebuilder:default:=false
 	EnableScopes bool `json:"enableScopes"`
+	// Issuers lists the OIDC issuer URLs the auth server should advertise.
+	// +optional
+	Issuers []string `json:"issuers,omitempty"`
 }
 
 type AuthStatus struct {

api/formance.com/v1beta1/gateway_types.go

@@ -46,11 +46,53 @@ type GatewayIngress struct {
 
 	// Custom annotations to add on the ingress
 	Annotations map[string]string `json:"annotations,omitempty"`
+	// Custom labels to add on the ingress
+	//+optional
+	Labels map[string]string `json:"labels,omitempty"`
 	// Allow to customize the tls part of the ingress
 	//+optional
 	TLS *GatewayIngressTLS `json:"tls,omitempty"`
 }
 
+// GatewayCaddyfileConfig holds Caddyfile-level tuning options.
+type GatewayCaddyfileConfig struct {
+	// +optional
+	TrustedProxies []string `json:"trustedProxies,omitempty"`
+	// +optional
+	TrustedProxiesStrict *bool `json:"trustedProxiesStrict,omitempty"`
+	// +optional
+	ShutdownDelay *metav1.Duration `json:"shutdownDelay,omitempty"`
+	// +optional
+	GracePeriod *metav1.Duration `json:"gracePeriod,omitempty"`
+}
+
+// GatewayServerConfig holds HTTP server tuning options.
+type GatewayServerConfig struct {
+	// +optional
+	IdleTimeout *metav1.Duration `json:"idleTimeout,omitempty"`
+}
+
+// GatewayDNSEndpoint configures a DNS endpoint managed by the gateway.
+// Name identifies the entry (e.g. "private", "public") and yields a
+// DNSEndpoint resource named "<gateway>-<name>".
+type GatewayDNSEndpoint struct {
+	// +required
+	Name string `json:"name"`
+	// +optional
+	Enabled *bool `json:"enabled,omitempty"`
+	// +optional
+	DNSNames []string `json:"dnsNames,omitempty"`
+	// +optional
+	Targets []string `json:"targets,omitempty"`
+	// +optional
+	// +kubebuilder:default:="CNAME"
+	RecordType string `json:"recordType,omitempty"`
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+	// +optional
+	ProviderSpecific map[string]string `json:"providerSpecific,omitempty"`
+}
+
 // DedupHosts returns the given hosts deduplicated, preserving order and skipping empty strings.
 func DedupHosts(input []string) []string {
 	seen := map[string]struct{}{}
@@ -79,6 +121,22 @@ type GatewaySpec struct {
 	//+optional
 	// Allow to customize the generated ingress
 	Ingress *GatewayIngress `json:"ingress,omitempty"`
+	//+optional
+	Caddyfile *GatewayCaddyfileConfig `json:"caddyfile,omitempty"`
+	//+optional
+	Config *GatewayServerConfig `json:"config,omitempty"`
+	//+optional
+	DNS []GatewayDNSEndpoint `json:"dns,omitempty"`
+}
+
+// FindDNSEndpoint returns the entry from Spec.DNS matching name, or nil.
+func (in *GatewaySpec) FindDNSEndpoint(name string) *GatewayDNSEndpoint {
+	for i := range in.DNS {
+		if in.DNS[i].Name == name {
+			return &in.DNS[i]
+		}
+	}
+	return nil
 }
 
 type GatewayStatus struct {

api/formance.com/v1beta1/ledger_types.go

@@ -20,11 +20,73 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// LedgerAPIConfig configures the ledger HTTP API behavior.
+type LedgerAPIConfig struct {
+	// +optional
+	DefaultPageSize *int `json:"defaultPageSize,omitempty"`
+	// +optional
+	MaxPageSize *int `json:"maxPageSize,omitempty"`
+	// +optional
+	BulkMaxSize *int `json:"bulkMaxSize,omitempty"`
+}
+
+// LedgerAsyncBlockHasherConfig configures the worker async block hasher.
+type LedgerAsyncBlockHasherConfig struct {
+	// +optional
+	MaxBlockSize string `json:"maxBlockSize,omitempty"`
+	// +optional
+	Schedule string `json:"schedule,omitempty"`
+}
+
+// LedgerPipelinesConfig configures the worker pipelines.
+type LedgerPipelinesConfig struct {
+	// +optional
+	PullInterval string `json:"pullInterval,omitempty"`
+	// +optional
+	PushRetryPeriod string `json:"pushRetryPeriod,omitempty"`
+	// +optional
+	SyncPeriod string `json:"syncPeriod,omitempty"`
+	// +optional
+	LogsPageSize string `json:"logsPageSize,omitempty"`
+}
+
+// LedgerBucketCleanupConfig configures the worker bucket cleanup.
+type LedgerBucketCleanupConfig struct {
+	// +optional
+	RetentionPeriod string `json:"retentionPeriod,omitempty"`
+	// +optional
+	Schedule string `json:"schedule,omitempty"`
+}
+
+// LedgerWorkerConfig configures the ledger worker.
+type LedgerWorkerConfig struct {
+	// +optional
+	AsyncBlockHasher *LedgerAsyncBlockHasherConfig `json:"asyncBlockHasher,omitempty"`
+	// +optional
+	BucketCleanup *LedgerBucketCleanupConfig `json:"bucketCleanup,omitempty"`
+	// +optional
+	Pipelines *LedgerPipelinesConfig `json:"pipelines,omitempty"`
+}
+
 type LedgerSpec struct {
 	ModuleProperties `json:",inline"`
 	StackDependency  `json:",inline"`
 	// +optional
 	Auth *AuthConfig `json:"auth,omitempty"`
+	// +optional
+	ExperimentalFeatures *bool `json:"experimentalFeatures,omitempty"`
+	// +optional
+	ExperimentalNumscript *bool `json:"experimentalNumscript,omitempty"`
+	// +optional
+	ExperimentalNumscriptFlags []string `json:"experimentalNumscriptFlags,omitempty"`
+	// +optional
+	ExperimentalExporters *bool `json:"experimentalExporters,omitempty"`
+	// +optional
+	SchemaEnforcementMode string `json:"schemaEnforcementMode,omitempty"`
+	// +optional
+	API *LedgerAPIConfig `json:"api,omitempty"`
+	// +optional
+	Worker *LedgerWorkerConfig `json:"worker,omitempty"`
 }
 
 type LedgerStatus struct {

api/formance.com/v1beta1/orchestration_types.go

@@ -25,6 +25,8 @@ type OrchestrationSpec struct {
 	ModuleProperties `json:",inline"`
 	// +optional
 	Auth *AuthConfig `json:"auth,omitempty"`
+	// +optional
+	MaxParallelActivities *int `json:"maxParallelActivities,omitempty"`
 }
 
 type OrchestrationStatus struct {

api/formance.com/v1beta1/payments_types.go

@@ -20,13 +20,31 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// PaymentsWorkerConfig configures the payments worker temporal client.
+type PaymentsWorkerConfig struct {
+	// +optional
+	TemporalMaxConcurrentWorkflowTaskPollers *int `json:"temporalMaxConcurrentWorkflowTaskPollers,omitempty"`
+	// +optional
+	TemporalMaxConcurrentActivityTaskPollers *int `json:"temporalMaxConcurrentActivityTaskPollers,omitempty"`
+	// +optional
+	TemporalMaxSlotsPerPoller *int `json:"temporalMaxSlotsPerPoller,omitempty"`
+	// +optional
+	TemporalMaxLocalActivitySlots *int `json:"temporalMaxLocalActivitySlots,omitempty"`
+}
+
 type PaymentsSpec struct {
 	StackDependency  `json:",inline"`
 	ModuleProperties `json:",inline"`
 	// +optional
 	EncryptionKey string `json:"encryptionKey"`
 	// +optional
 	Auth *AuthConfig `json:"auth,omitempty"`
+	// ClearTemporal controls whether the Temporal namespace/schedule is
+	// torn down when the resource is deleted. Defaults to true when unset.
+	// +optional
+	ClearTemporal *bool `json:"clearTemporal,omitempty"`
+	// +optional
+	Worker *PaymentsWorkerConfig `json:"worker,omitempty"`
 }
 
 type PaymentsStatus struct {

api/formance.com/v1beta1/shared.go

@@ -246,6 +246,9 @@ type AuthConfig struct {
 	ReadKeySetMaxRetries int `json:"readKeySetMaxRetries"`
 	// +optional
 	CheckScopes bool `json:"checkScopes"`
+	// Issuers lists the OIDC issuer URLs the module should trust.
+	// +optional
+	Issuers []string `json:"issuers,omitempty"`
 }
 
 // +kubebuilder:object:generate=false

api/formance.com/v1beta1/transactionplane_types.go

@@ -25,6 +25,8 @@ type TransactionPlaneSpec struct {
 	ModuleProperties `json:",inline"`
 	// +optional
 	Auth *AuthConfig `json:"auth,omitempty"`
+	// +optional
+	WorkerEnabled *bool `json:"workerEnabled,omitempty"`
 }
 
 type TransactionPlaneStatus struct {